# Resources for AddonComponents grafana component apiVersion: v1 kind: ConfigMap metadata: name: istio-grafana-configuration-dashboards-citadel-dashboard namespace: istio-system labels: app: grafana release: istio istio: grafana data: citadel-dashboard.json: '{ "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "description": "", "editable": true, "gnetId": null, "graphTooltip": 0, "links": [], "panels": [ { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, "id": 8, "panels": [], "title": "Performance", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "description": "CPU usage across Citadel instances.", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 1 }, "id": 10, "legend": { "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"citadel\", pod=~\"istio-citadel-.*\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Citadel CPU usage rate", "refId": "A" }, { "expr": "irate(process_cpu_seconds_total{job=\"citadel\"}[1m])", "format": "time_series", "intervalFactor": 1, "legendFormat": "Citadel CPU usage irate", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "description": "Citadel process memory statistics.", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 1 }, "id": 12, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "process_virtual_memory_bytes{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Virtual Memory", "refId": "A" }, { "expr": "process_resident_memory_bytes{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Resident Memory", "refId": "B" }, { "expr": "go_memstats_heap_sys_bytes{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Heap Memory Total", "refId": "C" }, { "expr": "go_memstats_alloc_bytes{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Heap Memory Allocated", "refId": "E" }, { "expr": "go_memstats_heap_inuse_bytes{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Heap Inuse", "refId": "F" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 1 }, "id": 14, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "go_goroutines{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Goroutines", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 7 }, "id": 28, "panels": [], "title": "General", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "description": "Total number of CSR requests made to Citadel.", "fill": 1, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 8 }, "id": 30, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "citadel_server_csr_count{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "CSR Request Count", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "CSR Requests", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "description": "The number of certificates issuances that have succeeded.", "fill": 1, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 8 }, "id": 32, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "citadel_server_success_cert_issuance_count{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Certificates Issued", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Certificates Issued", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 13 }, "id": 23, "panels": [], "title": "Errors", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "description": "The number of errors occurred when creating the CSR.", "fill": 1, "gridPos": { "h": 5, "w": 8, "x": 0, "y": 14 }, "id": 20, "legend": { "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "citadel_secret_controller_csr_err_count{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "CSR Creation Error Count", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "CSR Creation Errors", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "fill": 1, "gridPos": { "h": 5, "w": 8, "x": 8, "y": 14 }, "id": 24, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "citadel_server_csr_parsing_err_count{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "CSR Parse Error Count", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "CSR Parse Errors", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "description": "The number of authentication failures.", "fill": 1, "gridPos": { "h": 5, "w": 8, "x": 16, "y": 14 }, "id": 26, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "citadel_server_authentication_failure_count{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Authentication Failure Count", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Authentication Failures", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 19 }, "id": 4, "panels": [], "title": "Secret Controller", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "description": "The number of certificates created due to service account creation.", "fill": 1, "gridPos": { "h": 5, "w": 8, "x": 0, "y": 20 }, "id": 2, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": true, "targets": [ { "expr": "citadel_secret_controller_svc_acc_created_cert_count{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "SA Secrets Created", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Service Account Secrets Created (due to SA creation)", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "decimals": null, "format": "short", "label": "Certs Created", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "description": "The number of certificates deleted due to service account deletion.", "fill": 1, "gridPos": { "h": 5, "w": 8, "x": 8, "y": 20 }, "id": 16, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": true, "targets": [ { "expr": "citadel_secret_controller_svc_acc_deleted_cert_count{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "SA Secrets Deleted", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Service Account Secrets Deleted (due to SA deletion)", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "decimals": null, "format": "short", "label": "Certs Created", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "description": "The number of certificates recreated due to secret deletion (service account still exists).", "fill": 1, "gridPos": { "h": 5, "w": 8, "x": 16, "y": 20 }, "id": 6, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": true, "targets": [ { "expr": "citadel_secret_controller_secret_deleted_cert_count{job=\"citadel\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "SA Secrets Recreated", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Service Account Secrets Recreated (due to errant deletion)", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "decimals": null, "format": "short", "label": "Certs Created", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } } ], "refresh": "5s", "schemaVersion": 18, "style": "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", "title": "Istio Citadel Dashboard", "uid": "OOyOqb4Wz", "version": 1 }' --- apiVersion: v1 kind: ConfigMap metadata: name: istio-grafana-configuration-dashboards-galley-dashboard namespace: istio-system labels: app: grafana release: istio istio: grafana data: galley-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": "Prometheus", "description": "", "type": "datasource", "pluginId": "prometheus", "pluginName": "Prometheus" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, "gnetId": null, "graphTooltip": 0, "links": [], "panels": [ { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 5, "w": 24, "x": 0, "y": 0 }, "id": 46, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(istio_build{component=\"galley\"}) by (tag)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ tag }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Galley Versions", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 5 }, "id": 40, "panels": [], "title": "Resource Usage", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 6, "x": 0, "y": 6 }, "id": 36, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "process_virtual_memory_bytes{job=\"galley\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Virtual Memory", "refId": "A" }, { "expr": "process_resident_memory_bytes{job=\"galley\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Resident Memory", "refId": "B" }, { "expr": "go_memstats_heap_sys_bytes{job=\"galley\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "heap sys", "refId": "C" }, { "expr": "go_memstats_heap_alloc_bytes{job=\"galley\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "heap alloc", "refId": "D" }, { "expr": "go_memstats_alloc_bytes{job=\"galley\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Alloc", "refId": "F" }, { "expr": "go_memstats_heap_inuse_bytes{job=\"galley\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Heap in-use", "refId": "G" }, { "expr": "go_memstats_stack_inuse_bytes{job=\"galley\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Stack in-use", "refId": "H" }, { "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"})", "format": "time_series", "intervalFactor": 1, "legendFormat": "Total (kis)", "refId": "E" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 6, "x": 6, "y": 6 }, "id": 38, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}[1m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "Total (k8s)", "refId": "A" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}[1m])) by (container)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ container }} (k8s)", "refId": "B" }, { "expr": "irate(process_cpu_seconds_total{job=\"galley\"}[1m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "galley (self-reported)", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 6, "x": 12, "y": 6 }, "id": 42, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "process_open_fds{job=\"galley\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Open FDs (galley)", "refId": "A" }, { "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"galley\", pod=~\"istio-galley-.*\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ container }} ", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Disk", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 6, "x": 18, "y": 6 }, "id": 44, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "go_goroutines{job=\"galley\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "goroutines_total", "refId": "A" }, { "expr": "istio_mcp_clients_total{component=\"galley\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "clients_total", "refId": "B" }, { "expr": "go_goroutines{job=\"galley\"}/sum(istio_mcp_clients_total{component=\"galley\"}) without (component)", "format": "time_series", "intervalFactor": 1, "legendFormat": "avg_goroutines_per_client", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 14 }, "id": 10, "panels": [], "title": "Runtime", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 15 }, "id": 2, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(galley_runtime_strategy_on_change_total[1m])) * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Strategy Change Events", "refId": "A" }, { "expr": "sum(rate(galley_runtime_processor_events_processed_total[1m])) * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Processed Events", "refId": "B" }, { "expr": "sum(rate(galley_runtime_processor_snapshots_published_total[1m])) * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Snapshot Published", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Event Rates", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Events/min", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": "", "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 15 }, "id": 4, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(galley_runtime_strategy_timer_max_time_reached_total[1m])) * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Max Time Reached", "refId": "A" }, { "expr": "sum(rate(galley_runtime_strategy_timer_quiesce_reached_total[1m])) * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Quiesce Reached", "refId": "B" }, { "expr": "sum(rate(galley_runtime_strategy_timer_resets_total[1m])) * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Timer Resets", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Timer Rates", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Events/min", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 15 }, "id": 8, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 3, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": true, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.50, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", "format": "time_series", "intervalFactor": 1, "legendFormat": "P50", "refId": "A" }, { "expr": "histogram_quantile(0.90, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", "format": "time_series", "intervalFactor": 1, "legendFormat": "P90", "refId": "B" }, { "expr": "histogram_quantile(0.95, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", "format": "time_series", "intervalFactor": 1, "legendFormat": "P95", "refId": "C" }, { "expr": "histogram_quantile(0.99, sum by (le) (galley_runtime_processor_snapshot_events_total_bucket))", "format": "time_series", "intervalFactor": 1, "legendFormat": "P99", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Events Per Snapshot", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 21 }, "id": 6, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum by (collection) (galley_runtime_state_type_instances_total)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ collection }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "State Type Instances", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Count", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 27 }, "id": 34, "panels": [], "title": "Validation", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 28 }, "id": 28, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "galley_validation_cert_key_updates{}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Key Updates", "refId": "A" }, { "expr": "galley_validation_cert_key_update_errors{}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Key Update Errors: {{ error }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Validation Webhook Certificate", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 28 }, "id": 30, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(galley_validation_passed{}) by (group, version, resource)", "format": "time_series", "intervalFactor": 1, "legendFormat": "Passed: {{ group }}/{{ version }}/{{resource}}", "refId": "A" }, { "expr": "sum(galley_validation_failed{}) by (group, version, resource, reason)", "format": "time_series", "intervalFactor": 1, "legendFormat": "Failed: {{ group }}/{{ version }}/{{resource}} ({{ reason}})", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Resource Validation", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 28 }, "id": 32, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(galley_validation_http_error{}) by (status)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ status }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Validation HTTP Errors", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 34 }, "id": 12, "panels": [], "title": "Kubernetes Source", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 35 }, "id": 14, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "rate(galley_source_kube_event_success_total[1m]) * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Success", "refId": "A" }, { "expr": "rate(galley_source_kube_event_error_total[1m]) * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Error", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Source Event Rate", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Events/min", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 35 }, "id": 24, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "rate(galley_source_kube_dynamic_converter_failure_total[1m]) * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "Error", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Kubernetes Object Conversion Failures", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Failures/min", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 41 }, "id": 18, "panels": [], "title": "Mesh Configuration Protocol", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 42 }, "id": 20, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(istio_mcp_clients_total{component=\"galley\"})", "format": "time_series", "intervalFactor": 1, "legendFormat": "Clients", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Connected Clients", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 42 }, "id": 22, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum by(collection)(irate(istio_mcp_request_acks_total{component=\"galley\"}[1m]) * 60)", "format": "time_series", "intervalFactor": 1, "legendFormat": "", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Request ACKs", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "ACKs/min", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 42 }, "id": 26, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "rate(istio_mcp_request_nacks_total{component=\"galley\"}[1m]) * 60", "format": "time_series", "intervalFactor": 1, "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Request NACKs", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "NACKs/min", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } } ], "refresh": "5s", "schemaVersion": 16, "style": "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", "title": "Istio Galley Dashboard", "uid": "TSEY6jLmk", "version": 1 } ' --- apiVersion: v1 kind: ConfigMap metadata: name: istio-grafana-configuration-dashboards-istio-mesh-dashboard namespace: istio-system labels: app: grafana release: istio istio: grafana data: istio-mesh-dashboard.json: '{ "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, "gnetId": null, "graphTooltip": 0, "id": null, "links": [], "panels": [ { "content": "
\n
\n Istio\n
\n
\n Istio is an open platform that provides a uniform way to connect,\n manage, and \n secure microservices.\n
\n Need help? Join the Istio community.\n
\n
", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 0 }, "height": "50px", "id": 13, "links": [], "mode": "html", "style": { "font-size": "18pt" }, "title": "", "transparent": true, "type": "text" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "Prometheus", "format": "ops", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 6, "x": 0, "y": 3 }, "id": 20, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": "", "title": "Global Request Volume", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "Prometheus", "format": "percentunit", "gauge": { "maxValue": 100, "minValue": 80, "show": false, "thresholdLabels": false, "thresholdMarkers": false }, "gridPos": { "h": 3, "w": 6, "x": 6, "y": 3 }, "id": 21, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))", "format": "time_series", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": "95, 99, 99.5", "title": "Global Success Rate (non-5xx responses)", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "Prometheus", "format": "ops", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 6, "x": 12, "y": 3 }, "id": 22, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ", "format": "time_series", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": "", "title": "4xxs", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "Prometheus", "format": "ops", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 6, "x": 18, "y": 3 }, "id": 23, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ", "format": "time_series", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": "", "title": "5xxs", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 6, "x": 0, "y": 6 }, "id": 113, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": false, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "avg(galley_istio_networking_virtualservices)", "format": "time_series", "intervalFactor": 1, "refId": "A" } ], "thresholds": "", "timeFrom": null, "timeShift": null, "title": "Virtual Services", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "current" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 6, "x": 6, "y": 6 }, "id": 114, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": false, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "avg(galley_istio_networking_destinationrules)", "format": "time_series", "intervalFactor": 1, "refId": "A" } ], "thresholds": "", "timeFrom": null, "timeShift": null, "title": "Destination Rules", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "current" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 6, "x": 12, "y": 6 }, "id": 115, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": false, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "avg(galley_istio_networking_gateways)", "format": "time_series", "intervalFactor": 1, "refId": "A" } ], "thresholds": "", "timeFrom": null, "timeShift": null, "title": "Gateways", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "current" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 6, "x": 18, "y": 6 }, "id": 116, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": false, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "avg(galley_istio_authentication_meshpolicies)", "format": "time_series", "hide": false, "intervalFactor": 1, "refId": "A" } ], "thresholds": "", "timeFrom": null, "timeShift": null, "title": "Authentication Mesh Policies", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "current" }, { "columns": [], "datasource": "Prometheus", "fontSize": "100%", "gridPos": { "h": 21, "w": 24, "x": 0, "y": 9 }, "hideTimeOverride": false, "id": 73, "links": [], "pageSize": null, "repeat": null, "repeatDirection": "v", "scroll": true, "showHeader": true, "sort": { "col": 4, "desc": true }, "styles": [ { "alias": "Workload", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": false, "linkTargetBlank": false, "linkTooltip": "Workload dashboard", "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_", "pattern": "destination_workload", "preserveFormat": false, "sanitize": false, "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Time", "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "Requests", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #A", "thresholds": [], "type": "number", "unit": "ops" }, { "alias": "P50 Latency", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #B", "thresholds": [], "type": "number", "unit": "s" }, { "alias": "P90 Latency", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #D", "thresholds": [], "type": "number", "unit": "s" }, { "alias": "P99 Latency", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #E", "thresholds": [], "type": "number", "unit": "s" }, { "alias": "Success Rate", "colorMode": "cell", "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #F", "thresholds": [ ".95", " 1.00" ], "type": "number", "unit": "percentunit" }, { "alias": "Workload", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, "linkTooltip": "$__cell dashboard", "linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3", "pattern": "destination_workload_var", "thresholds": [], "type": "number", "unit": "short" }, { "alias": "Service", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, "linkTooltip": "$__cell dashboard", "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", "pattern": "destination_service", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "destination_workload_namespace", "thresholds": [], "type": "hidden", "unit": "short" } ], "targets": [ { "expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", "refId": "A" }, { "expr": "label_join((histogram_quantile(0.50, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}", "refId": "B" }, { "expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", "refId": "D" }, { "expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", "refId": "E" }, { "expr": "label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": true, "interval": "", "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", "refId": "F" } ], "timeFrom": null, "title": "HTTP/GRPC Workloads", "transform": "table", "type": "table" }, { "columns": [], "datasource": "Prometheus", "fontSize": "100%", "gridPos": { "h": 18, "w": 24, "x": 0, "y": 30 }, "hideTimeOverride": false, "id": 109, "links": [], "pageSize": null, "repeatDirection": "v", "scroll": true, "showHeader": true, "sort": { "col": 2, "desc": true }, "styles": [ { "alias": "Workload", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": false, "linkTargetBlank": false, "linkTooltip": "$__cell dashboard", "linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell", "pattern": "destination_workload", "preserveFormat": false, "sanitize": false, "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "Bytes Sent", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #A", "thresholds": [ "" ], "type": "number", "unit": "Bps" }, { "alias": "Bytes Received", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Value #C", "thresholds": [], "type": "number", "unit": "Bps" }, { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "Time", "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "Workload", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, "linkTooltip": "$__cell dashboard", "linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2", "pattern": "destination_workload_var", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "destination_workload_namespace", "thresholds": [], "type": "hidden", "unit": "short" }, { "alias": "Service", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "link": true, "linkTooltip": "$__cell dashboard", "linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell", "pattern": "destination_service", "thresholds": [], "type": "number", "unit": "short" } ], "targets": [ { "expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}", "refId": "C" }, { "expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")", "format": "table", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}", "refId": "A" } ], "timeFrom": null, "title": "TCP Workloads", "transform": "table", "type": "table" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 48 }, "id": 111, "legend": { "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(istio_build) by (component, tag)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ component }}: {{ tag }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Istio Components by Version", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } } ], "refresh": "5s", "schemaVersion": 18, "style": "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "browser", "title": "Istio Mesh Dashboard", "uid": "G8wLrJIZk", "version": 5 } ' --- apiVersion: v1 kind: ConfigMap metadata: name: istio-grafana-configuration-dashboards-istio-performance-dashboard namespace: istio-system labels: app: grafana release: istio istio: grafana data: istio-performance-dashboard.json: '{ "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, "gnetId": null, "graphTooltip": 0, "id": 9, "links": [], "panels": [ { "collapsed": true, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, "id": 21, "panels": [ { "content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n", "gridPos": { "h": 6, "w": 24, "x": 0, "y": 1 }, "id": 19, "links": [], "mode": "markdown", "timeFrom": null, "timeShift": null, "title": "Performance Dashboard README", "transparent": true, "type": "text" } ], "title": "Performance Dashboard Notes", "type": "row" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 1 }, "id": 6, "panels": [], "title": "vCPU Usage", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "fill": 1, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 2 }, "id": 4, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "istio-telemetry", "refId": "A" }, { "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "istio-ingressgateway", "refId": "B" }, { "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-proxy", "refId": "C" }, { "expr": "(sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "vCPU / 1k rps", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "fill": 1, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 2 }, "id": 7, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry", "refId": "A" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-ingressgateway", "refId": "B" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-proxy", "refId": "C" }, { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "vCPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 10 }, "id": 13, "panels": [], "title": "Memory and Data Rates", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "fill": 1, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 11 }, "id": 902, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry / 1k rps", "refId": "A" }, { "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-ingressgateway-.*\",container!=\"POD\"})", "format": "time_series", "intervalFactor": 1, "legendFormat": "per istio-ingressgateway", "refId": "B" }, { "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"}) / count(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",namespace!=\"istio-system\",container=\"istio-proxy\"})", "format": "time_series", "intervalFactor": 1, "legendFormat": "per istio proxy", "refId": "C" }, { "expr": "(sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",pod=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-policy / 1k rps", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Memory Usage", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "fill": 1, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 11 }, "id": 11, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-telemetry", "refId": "A" }, { "expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-ingressgateway", "refId": "B" }, { "expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio-proxy", "refId": "C" }, { "expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "istio_policy", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Bytes transferred / sec", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "Bps", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 19 }, "id": 17, "panels": [], "title": "Istio Component Versions", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "fill": 1, "gridPos": { "h": 8, "w": 24, "x": 0, "y": 20 }, "id": 15, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(istio_build) by (component, tag)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ component }}: {{ tag }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Istio Components by Version", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 31 }, "id": 71, "panels": [], "title": "Proxy Resource Usage", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 32 }, "id": 72, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=\"istio-proxy\"})", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ container }} (k8s)", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 6, "y": 32 }, "id": 73, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"istio-proxy\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Total (k8s)", "refId": "A", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "vCPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 12, "y": 32 }, "id": 702, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"istio-proxy\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ container }}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Disk", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "decimals": null, "format": "none", "label": "", "logBase": 1024, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 39 }, "id": 69, "panels": [], "title": "Pilot Resource Usage", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 40 }, "id": 5, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "process_virtual_memory_bytes{job=\"pilot\"}", "format": "time_series", "instant": false, "intervalFactor": 2, "legendFormat": "Virtual Memory", "refId": "I", "step": 2 }, { "expr": "process_resident_memory_bytes{job=\"pilot\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Resident Memory", "refId": "H", "step": 2 }, { "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap sys", "refId": "A" }, { "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap alloc", "refId": "D" }, { "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Alloc", "refId": "F", "step": 2 }, { "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Heap in-use", "refId": "E", "step": 2 }, { "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Stack in-use", "refId": "G", "step": 2 }, { "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"})", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Total (k8s)", "refId": "C", "step": 2 }, { "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ container }} (k8s)", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 6, "y": 40 }, "id": 602, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Total (k8s)", "refId": "A", "step": 2 }, { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}[1m])) by (container)", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ container }} (k8s)", "refId": "B", "step": 2 }, { "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "pilot (self-reported)", "refId": "C", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "vCPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 12, "y": 40 }, "id": 74, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "process_open_fds{job=\"pilot\"}", "format": "time_series", "hide": true, "instant": false, "interval": "", "intervalFactor": 2, "legendFormat": "Open FDs (pilot)", "refId": "A" }, { "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ container }}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Disk", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "decimals": null, "format": "none", "label": "", "logBase": 1024, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 18, "y": 40 }, "id": 402, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": false, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "go_goroutines{job=\"pilot\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Number of Goroutines", "refId": "A", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 47 }, "id": 93, "panels": [], "title": "Mixer Resource Usage", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 48 }, "id": 94, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", "format": "time_series", "instant": false, "intervalFactor": 2, "legendFormat": "Virtual Memory", "refId": "I", "step": 2 }, { "expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Resident Memory", "refId": "H", "step": 2 }, { "expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap sys", "refId": "A" }, { "expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap alloc", "refId": "D" }, { "expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Alloc", "refId": "F", "step": 2 }, { "expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Heap in-use", "refId": "E", "step": 2 }, { "expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Stack in-use", "refId": "G", "step": 2 }, { "expr": "sum(container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"})", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Total (k8s)", "refId": "C", "step": 2 }, { "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ container }} (k8s)", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 6, "y": 48 }, "id": 95, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Total (k8s)", "refId": "A", "step": 2 }, { "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m])) by (container)", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ container }} (k8s)", "refId": "B", "step": 2 }, { "expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "mixer (self-reported)", "refId": "C", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "vCPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 12, "y": 48 }, "id": 96, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}", "format": "time_series", "hide": true, "instant": false, "interval": "", "intervalFactor": 2, "legendFormat": "Open FDs (pilot)", "refId": "A" }, { "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ container }}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Disk", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "decimals": null, "format": "none", "label": "", "logBase": 1024, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 18, "y": 48 }, "id": 97, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": false, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "go_goroutines{job=\"istio-telemetry\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Number of Goroutines", "refId": "A", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } } ], "refresh": "10s", "schemaVersion": 18, "style": "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", "title": "Istio Performance Dashboard", "uid": "vu8e0VWZk", "version": 22 } ' --- apiVersion: v1 kind: ConfigMap metadata: name: istio-grafana-configuration-dashboards-istio-service-dashboard namespace: istio-system labels: app: grafana release: istio istio: grafana data: istio-service-dashboard.json: '{ "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, "gnetId": null, "graphTooltip": 0, "iteration": 1536442501501, "links": [], "panels": [ { "content": "
\nSERVICE: $service\n
", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 0 }, "id": 89, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "Prometheus", "format": "ops", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 4, "w": 6, "x": 0, "y": 3 }, "id": 12, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)", "format": "time_series", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": "", "title": "Client Request Volume", "transparent": false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "current" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(50, 172, 45, 0.97)", "rgba(237, 129, 40, 0.89)", "rgba(245, 54, 54, 0.9)" ], "datasource": "Prometheus", "decimals": null, "format": "percentunit", "gauge": { "maxValue": 100, "minValue": 80, "show": false, "thresholdLabels": false, "thresholdMarkers": false }, "gridPos": { "h": 4, "w": 6, "x": 6, "y": 3 }, "id": 14, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))", "format": "time_series", "intervalFactor": 1, "refId": "B" } ], "thresholds": "95, 99, 99.5", "title": "Client Success Rate (non-5xx responses)", "transparent": false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 4, "w": 6, "x": 12, "y": 3 }, "id": 87, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": false, "hideZero": false, "max": false, "min": false, "rightSide": true, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", "format": "time_series", "interval": "", "intervalFactor": 1, "legendFormat": "P50", "refId": "A" }, { "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "P90", "refId": "B" }, { "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "P99", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Client Request Duration", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "datasource": "Prometheus", "format": "Bps", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 4, "w": 6, "x": 18, "y": 3 }, "id": 84, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "", "refId": "A" } ], "thresholds": "", "title": "TCP Received Bytes", "transparent": false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "Prometheus", "format": "ops", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 4, "w": 6, "x": 0, "y": 7 }, "id": 97, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)", "format": "time_series", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": "", "title": "Server Request Volume", "transparent": false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "current" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(50, 172, 45, 0.97)", "rgba(237, 129, 40, 0.89)", "rgba(245, 54, 54, 0.9)" ], "datasource": "Prometheus", "decimals": null, "format": "percentunit", "gauge": { "maxValue": 100, "minValue": 80, "show": false, "thresholdLabels": false, "thresholdMarkers": false }, "gridPos": { "h": 4, "w": 6, "x": 6, "y": 7 }, "id": 98, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))", "format": "time_series", "intervalFactor": 1, "refId": "B" } ], "thresholds": "95, 99, 99.5", "title": "Server Success Rate (non-5xx responses)", "transparent": false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 4, "w": 6, "x": 12, "y": 7 }, "id": 99, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": false, "hideZero": false, "max": false, "min": false, "rightSide": true, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", "format": "time_series", "interval": "", "intervalFactor": 1, "legendFormat": "P50", "refId": "A" }, { "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "P90", "refId": "B" }, { "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "P99", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Server Request Duration", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "datasource": "Prometheus", "format": "Bps", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 4, "w": 6, "x": 18, "y": 7 }, "id": 100, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "", "refId": "A" } ], "thresholds": "", "title": "TCP Sent Bytes", "transparent": false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "content": "
\nCLIENT WORKLOADS\n
", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 11 }, "id": 45, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 14 }, "id": 25, "legend": { "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null as zero", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", "refId": "A", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Requests by Source And Response Code", "tooltip": { "shared": false, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [ "total" ] }, "yaxes": [ { "format": "ops", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 14 }, "id": 26, "legend": { "avg": false, "current": false, "hideEmpty": true, "hideZero": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Success Rate (non-5xx responses) By Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "percentunit", "label": null, "logBase": 1, "max": "1.01", "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "description": "", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 20 }, "id": 27, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "hideZero": false, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", "refId": "E", "step": 2 }, { "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", "refId": "F", "step": 2 }, { "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", "refId": "G", "step": 2 }, { "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Request Duration by Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 20 }, "id": 28, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", "refId": "E", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", "refId": "F", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", "refId": "G", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Request Size By Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 20 }, "id": 68, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", "refId": "E", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", "refId": "F", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", "refId": "G", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Response Size By Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 26 }, "id": 80, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Bytes Received from Incoming TCP Connection", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "Bps", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 26 }, "id": 82, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Bytes Sent to Incoming TCP Connection", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "Bps", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "content": "
\nSERVICE WORKLOADS\n
", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 32 }, "id": 69, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 35 }, "id": 90, "legend": { "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null as zero", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}", "refId": "A", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Requests by Destination And Response Code", "tooltip": { "shared": false, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [ "total" ] }, "yaxes": [ { "format": "ops", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 35 }, "id": 91, "legend": { "avg": false, "current": false, "hideEmpty": true, "hideZero": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Success Rate (non-5xx responses) By Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "percentunit", "label": null, "logBase": 1, "max": "1.01", "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "description": "", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 41 }, "id": 94, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "hideZero": false, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", "refId": "E", "step": 2 }, { "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", "refId": "F", "step": 2 }, { "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", "refId": "G", "step": 2 }, { "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Request Duration by Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 41 }, "id": 95, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", "refId": "E", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", "refId": "F", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", "refId": "G", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Request Size By Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 41 }, "id": 96, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50", "refId": "E", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90", "refId": "F", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95", "refId": "G", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Response Size By Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 47 }, "id": 92, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Bytes Received from Incoming TCP Connection", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "Bps", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 47 }, "id": 93, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Bytes Sent to Incoming TCP Connection", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "Bps", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } } ], "refresh": "10s", "schemaVersion": 16, "style": "dark", "tags": [], "templating": { "list": [ { "allValue": null, "datasource": "Prometheus", "hide": 0, "includeAll": false, "label": "Service", "multi": false, "name": "service", "options": [], "query": "label_values(destination_service)", "refresh": 1, "regex": "", "sort": 0, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": null, "current": { "text": "All", "value": "$__all" }, "datasource": "Prometheus", "hide": 0, "includeAll": true, "label": "Client Workload Namespace", "multi": true, "name": "srcns", "options": [], "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))", "refresh": 1, "regex": "/.*namespace=\"([^\"]*).*/", "sort": 2, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": null, "current": { "text": "All", "value": "$__all" }, "datasource": "Prometheus", "hide": 0, "includeAll": true, "label": "Client Workload", "multi": true, "name": "srcwl", "options": [], "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", "refresh": 1, "regex": "/.*workload=\"([^\"]*).*/", "sort": 3, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": null, "current": { "text": "All", "value": "$__all" }, "datasource": "Prometheus", "hide": 0, "includeAll": true, "label": "Service Workload Namespace", "multi": true, "name": "dstns", "options": [], "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))", "refresh": 1, "regex": "/.*namespace=\"([^\"]*).*/", "sort": 2, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": null, "current": { "text": "All", "value": "$__all" }, "datasource": "Prometheus", "hide": 0, "includeAll": true, "label": "Service Workload", "multi": true, "name": "dstwl", "options": [], "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))", "refresh": 1, "regex": "/.*workload=\"([^\"]*).*/", "sort": 3, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false } ] }, "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", "title": "Istio Service Dashboard", "uid": "LJ_uJAvmk", "version": 1 } ' --- apiVersion: v1 kind: ConfigMap metadata: name: istio-grafana-configuration-dashboards-istio-workload-dashboard namespace: istio-system labels: app: grafana release: istio istio: grafana data: istio-workload-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": "Prometheus", "description": "", "type": "datasource", "pluginId": "prometheus", "pluginName": "Prometheus" } ], "__requires": [ { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "5.0.4" }, { "type": "panel", "id": "graph", "name": "Graph", "version": "5.0.0" }, { "type": "datasource", "id": "prometheus", "name": "Prometheus", "version": "5.0.0" }, { "type": "panel", "id": "singlestat", "name": "Singlestat", "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", "version": "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, "gnetId": null, "graphTooltip": 0, "id": null, "iteration": 1531345461465, "links": [], "panels": [ { "content": "
\nWORKLOAD: $workload.$namespace\n
", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 0 }, "id": 89, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "Prometheus", "format": "ops", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 4, "w": 8, "x": 0, "y": 3 }, "id": 12, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)", "format": "time_series", "intervalFactor": 1, "refId": "A", "step": 4 } ], "thresholds": "", "title": "Incoming Request Volume", "transparent": false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "current" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(50, 172, 45, 0.97)", "rgba(237, 129, 40, 0.89)", "rgba(245, 54, 54, 0.9)" ], "datasource": "Prometheus", "decimals": null, "format": "percentunit", "gauge": { "maxValue": 100, "minValue": 80, "show": false, "thresholdLabels": false, "thresholdMarkers": false }, "gridPos": { "h": 4, "w": 8, "x": 8, "y": 3 }, "id": 14, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))", "format": "time_series", "intervalFactor": 1, "refId": "B" } ], "thresholds": "95, 99, 99.5", "title": "Incoming Success Rate (non-5xx responses)", "transparent": false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 4, "w": 8, "x": 16, "y": 3 }, "id": 87, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": false, "hideZero": false, "max": false, "min": false, "rightSide": true, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", "format": "time_series", "interval": "", "intervalFactor": 1, "legendFormat": "P50", "refId": "A" }, { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "P90", "refId": "B" }, { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "P99", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Request Duration", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "datasource": "Prometheus", "format": "Bps", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 4, "w": 12, "x": 0, "y": 7 }, "id": 84, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "", "refId": "A" } ], "thresholds": "", "title": "TCP Server Traffic", "transparent": false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "datasource": "Prometheus", "format": "Bps", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 4, "w": 12, "x": 12, "y": 7 }, "id": 85, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": true, "lineColor": "rgb(31, 120, 193)", "show": true }, "tableColumn": "", "targets": [ { "expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "", "refId": "A" } ], "thresholds": "", "title": "TCP Client Traffic", "transparent": false, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "avg" }, { "content": "
\nINBOUND WORKLOADS\n
", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 11 }, "id": 45, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 14 }, "id": 25, "legend": { "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null as zero", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}", "refId": "A", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Requests by Source And Response Code", "tooltip": { "shared": false, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [ "total" ] }, "yaxes": [ { "format": "ops", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 14 }, "id": 26, "legend": { "avg": false, "current": false, "hideEmpty": true, "hideZero": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Success Rate (non-5xx responses) By Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "percentunit", "label": null, "logBase": 1, "max": "1.01", "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "description": "", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 20 }, "id": 27, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "hideZero": false, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", "refId": "E", "step": 2 }, { "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", "refId": "F", "step": 2 }, { "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", "refId": "G", "step": 2 }, { "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Request Duration by Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 20 }, "id": 28, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", "refId": "E", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", "refId": "F", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", "refId": "G", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Request Size By Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 20 }, "id": 68, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50", "refId": "E", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90", "refId": "F", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95", "refId": "G", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Response Size By Source", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 26 }, "id": 80, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Bytes Received from Incoming TCP Connection", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "Bps", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 26 }, "id": 82, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Bytes Sent to Incoming TCP Connection", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "Bps", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ] }, { "content": "
\nOUTBOUND SERVICES\n
", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 32 }, "id": 69, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 35 }, "id": 70, "legend": { "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null as zero", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} : {{ response_code }}", "refId": "A", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Outgoing Requests by Destination And Response Code", "tooltip": { "shared": false, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [ "total" ] }, "yaxes": [ { "format": "ops", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 35 }, "id": 71, "legend": { "avg": false, "current": false, "hideEmpty": true, "hideZero": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{destination_service }}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Outgoing Success Rate (non-5xx responses) By Destination", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "percentunit", "label": null, "logBase": 1, "max": "1.01", "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "description": "", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 41 }, "id": 72, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "hideZero": false, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P50", "refId": "E", "step": 2 }, { "expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P90", "refId": "F", "step": 2 }, { "expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P95", "refId": "G", "step": 2 }, { "expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Outgoing Request Duration by Destination", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 41 }, "id": 73, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P50", "refId": "E", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P90", "refId": "F", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P95", "refId": "G", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Outgoing Request Size By Destination", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 41 }, "id": 74, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": true, "max": false, "min": false, "rightSide": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P50 (🔐mTLS)", "refId": "D", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P90 (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P95 (🔐mTLS)", "refId": "B", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P99 (🔐mTLS)", "refId": "C", "step": 2 }, { "expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P50", "refId": "E", "step": 2 }, { "expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P90", "refId": "F", "step": 2 }, { "expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P95", "refId": "G", "step": 2 }, { "expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "{{ destination_service }} P99", "refId": "H", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Response Size By Destination", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "decbytes", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 47 }, "id": 76, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ destination_service }} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ destination_service }}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Bytes Sent on Outgoing TCP Connection", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "Bps", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ] }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 47 }, "id": 78, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ destination_service }} (🔐mTLS)", "refId": "A", "step": 2 }, { "expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ destination_service }}", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Bytes Received from Outgoing TCP Connection", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "Bps", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ] } ], "refresh": "10s", "schemaVersion": 16, "style": "dark", "tags": [], "templating": { "list": [ { "allValue": null, "current": {}, "datasource": "Prometheus", "hide": 0, "includeAll": false, "label": "Namespace", "multi": false, "name": "namespace", "options": [], "query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))", "refresh": 1, "regex": "/.*_namespace=\"([^\"]*).*/", "sort": 0, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": null, "current": {}, "datasource": "Prometheus", "hide": 0, "includeAll": false, "label": "Workload", "multi": false, "name": "workload", "options": [], "query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))", "refresh": 1, "regex": "/.*workload=\"([^\"]*).*/", "sort": 1, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": null, "current": {}, "datasource": "Prometheus", "hide": 0, "includeAll": true, "label": "Inbound Workload Namespace", "multi": true, "name": "srcns", "options": [], "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))", "refresh": 1, "regex": "/.*namespace=\"([^\"]*).*/", "sort": 2, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": null, "current": {}, "datasource": "Prometheus", "hide": 0, "includeAll": true, "label": "Inbound Workload", "multi": true, "name": "srcwl", "options": [], "query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))", "refresh": 1, "regex": "/.*workload=\"([^\"]*).*/", "sort": 3, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": null, "current": {}, "datasource": "Prometheus", "hide": 0, "includeAll": true, "label": "Destination Service", "multi": true, "name": "dstsvc", "options": [], "query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))", "refresh": 1, "regex": "/.*destination_service=\"([^\"]*).*/", "sort": 4, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false } ] }, "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", "title": "Istio Workload Dashboard", "uid": "UbsSZTDik", "version": 1 } ' --- apiVersion: v1 kind: ConfigMap metadata: name: istio-grafana-configuration-dashboards-mixer-dashboard namespace: istio-system labels: app: grafana release: istio istio: grafana data: mixer-dashboard.json: '{ "__inputs": [ { "name": "DS_PROMETHEUS", "label": "Prometheus", "description": "", "type": "datasource", "pluginId": "prometheus", "pluginName": "Prometheus" } ], "__requires": [ { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "5.2.3" }, { "type": "panel", "id": "graph", "name": "Graph", "version": "5.0.0" }, { "type": "datasource", "id": "prometheus", "name": "Prometheus", "version": "5.0.0" }, { "type": "panel", "id": "text", "name": "Text", "version": "5.0.0" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "limit": 100, "name": "Annotations & Alerts", "showIn": 0, "type": "dashboard" } ] }, "editable": false, "gnetId": null, "graphTooltip": 1, "id": null, "iteration": 1543881232533, "links": [], "panels": [ { "content": "

Deployed Versions

", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 0 }, "height": "40", "id": 62, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 5, "w": 24, "x": 0, "y": 3 }, "id": 64, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(istio_build{component=\"mixer\"}) by (tag)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ tag }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Mixer Versions", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "content": "

Resource Usage

", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 8 }, "height": "40", "id": 29, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 11 }, "id": 5, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": "time_series", "instant": false, "intervalFactor": 2, "legendFormat": "Virtual Memory ({{ job }})", "refId": "I" }, { "expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Resident Memory ({{ job }})", "refId": "H" }, { "expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap sys ({{ job }})", "refId": "A" }, { "expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap alloc ({{ job }})", "refId": "D" }, { "expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Alloc ({{ job }})", "refId": "F" }, { "expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Heap in-use ({{ job }})", "refId": "E" }, { "expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Stack in-use ({{ job }})", "refId": "G" }, { "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (service)", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ service }} total (k8s)", "refId": "C" }, { "expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ service }} - {{ container }} (k8s)", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 6, "y": 11 }, "id": 6, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ service }} total (k8s)", "refId": "A" }, { "expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container, pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ service }} - {{ container }} (k8s)", "refId": "B" }, { "expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "{{ job }} (self-reported)", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 12, "y": 11 }, "id": 7, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": "time_series", "hide": true, "instant": false, "interval": "", "intervalFactor": 2, "legendFormat": "Open FDs ({{ job }})", "refId": "A" }, { "expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ service }} - {{ container }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Disk", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "decimals": null, "format": "none", "label": "", "logBase": 1024, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 18, "y": 11 }, "id": 4, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": false, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Number of Goroutines ({{ job }})", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "content": "

Mixer Overview

", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 18 }, "height": "40px", "id": 30, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 6, "x": 0, "y": 21 }, "id": 9, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "mixer (Total)", "refId": "B" }, { "expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)", "format": "time_series", "intervalFactor": 2, "legendFormat": "mixer ({{ grpc_server_method }})", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Incoming Requests", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "ops", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 6, "x": 6, "y": 21 }, "id": 8, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [ { "alias": "{}", "yaxis": 1 } ], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ grpc_server_method }} 0.5", "refId": "B" }, { "expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ grpc_server_method }} 0.9", "refId": "C" }, { "expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ grpc_server_method }} 0.99", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Response Durations", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "ms", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 6, "x": 12, "y": 21 }, "id": 11, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Mixer {{ grpc_method }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Server Error Rate (5xx responses)", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 6, "w": 6, "x": 18, "y": 21 }, "id": 12, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)", "format": "time_series", "intervalFactor": 2, "legendFormat": "Mixer {{ grpc_method }}", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Non-successes (4xxs)", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "content": "

Adapters and Config

", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 27 }, "id": 28, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 30 }, "id": 13, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ adapter }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Adapter Dispatch Count", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 30 }, "id": 14, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ adapter }} - p50", "refId": "A" }, { "expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ adapter }} - p90 ", "refId": "B" }, { "expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ adapter }} - p99", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Adapter Dispatch Duration", "tooltip": { "shared": true, "sort": 1, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 37 }, "id": 60, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Rules", "refId": "A" }, { "expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Config Errors", "refId": "B" }, { "expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Match Errors", "refId": "C" }, { "expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Unsatisfied Actions", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Rules", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 6, "y": 37 }, "id": 56, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Instances", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Instances in Latest Config", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 12, "y": 37 }, "id": 54, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Handlers", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Handlers in Latest Config", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 18, "y": 37 }, "id": 58, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))", "format": "time_series", "instant": false, "intervalFactor": 1, "legendFormat": "Attributes", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Attributes in Latest Config", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "content": "

Individual Adapters

", "gridPos": { "h": 3, "w": 24, "x": 0, "y": 44 }, "id": 23, "links": [], "mode": "html", "title": "", "transparent": true, "type": "text" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 47 }, "id": 46, "panels": [], "repeat": "adapter", "title": "$adapter Adapter", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 48 }, "id": 17, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{ handler }} (error: {{ error }})", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Dispatch Count By Handler", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 48 }, "id": 18, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", "format": "time_series", "intervalFactor": 2, "legendFormat": "p50 - {{ handler_short }} (error: {{ error }})", "refId": "A" }, { "expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", "format": "time_series", "intervalFactor": 2, "legendFormat": "p90 - {{ handler_short }} (error: {{ error }})", "refId": "D" }, { "expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")", "format": "time_series", "intervalFactor": 2, "legendFormat": "p99 - {{ handler_short }} (error: {{ error }})", "refId": "E" } ], "thresholds": [], "timeFrom": null, "timeShift": null, "title": "Dispatch Duration By Handler", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } } ], "refresh": "5s", "schemaVersion": 16, "style": "dark", "tags": [], "templating": { "list": [ { "allValue": null, "current": {}, "datasource": "Prometheus", "hide": 0, "includeAll": true, "label": "Adapter", "multi": true, "name": "adapter", "options": [], "query": "label_values(adapter)", "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false } ] }, "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "", "title": "Istio Mixer Dashboard", "version": 4 } ' --- apiVersion: v1 kind: ConfigMap metadata: name: istio-grafana-configuration-dashboards-pilot-dashboard namespace: istio-system labels: app: grafana release: istio istio: grafana data: pilot-dashboard.json: '{ "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, "gnetId": null, "graphTooltip": 1, "id": 11, "links": [], "panels": [ { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, "id": 60, "panels": [], "title": "Deployed Versions", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 5, "w": 24, "x": 0, "y": 1 }, "id": 56, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(istio_build{component=\"pilot\"}) by (tag)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ tag }}", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Pilot Versions", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 6 }, "id": 62, "panels": [], "title": "Resource Usage", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 0, "y": 7 }, "id": 5, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "process_virtual_memory_bytes{job=\"pilot\"}", "format": "time_series", "instant": false, "intervalFactor": 2, "legendFormat": "Virtual Memory", "refId": "I", "step": 2 }, { "expr": "process_resident_memory_bytes{job=\"pilot\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Resident Memory", "refId": "H", "step": 2 }, { "expr": "go_memstats_heap_sys_bytes{job=\"pilot\"}", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap sys", "refId": "A" }, { "expr": "go_memstats_heap_alloc_bytes{job=\"pilot\"}", "format": "time_series", "hide": true, "intervalFactor": 2, "legendFormat": "heap alloc", "refId": "D" }, { "expr": "go_memstats_alloc_bytes{job=\"pilot\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Alloc", "refId": "F", "step": 2 }, { "expr": "go_memstats_heap_inuse_bytes{job=\"pilot\"}", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Heap in-use", "refId": "E", "step": 2 }, { "expr": "go_memstats_stack_inuse_bytes{job=\"pilot\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Stack in-use", "refId": "G", "step": 2 }, { "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"discovery\", pod=~\"istiod-.*|istio-pilot-.*\"}", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Discovery (container)", "refId": "B", "step": 2 }, { "expr": "container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"istio-proxy\", pod=~\"istiod-.*|istio-pilot-.*\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Sidecar (container)", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Memory", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 6, "y": 7 }, "id": 6, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"discovery\", pod=~\"istiod-.*|istio-pilot-.*\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Discovery (container)", "refId": "A" }, { "expr": "irate(process_cpu_seconds_total{job=\"pilot\"}[1m])", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Discovery (process)", "refId": "C", "step": 2 }, { "expr": "sum(irate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=\"istio-proxy\", pod=~\"istiod-.*|istio-pilot-.*\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 2, "legendFormat": "Sidecar (container)", "refId": "B", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "CPU", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 12, "y": 7 }, "id": 7, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"discovery\", pod=~\"istiod-.*|istio-pilot-.*\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Discovery", "refId": "B", "step": 2 }, { "expr": "container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=\"istio-proxy\", pod=~\"istiod-.*|istio-pilot-.*\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Sidecar", "refId": "A" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Disk", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "bytes", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "decimals": null, "format": "none", "label": "", "logBase": 1024, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 7, "w": 6, "x": 18, "y": 7 }, "id": 4, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": false, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "go_goroutines{job=\"pilot\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Number of Goroutines", "refId": "A", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Goroutines", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 14 }, "id": 58, "panels": [], "title": "Pilot Push Information", "type": "row" }, { "aliasColors": {}, "bars": true, "dashLength": 10, "dashes": false, "description": "Shows the rate of pilot pushes", "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 0, "y": 15 }, "id": 622, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": false, "linewidth": 1, "links": [], "nullPointMode": "null as zero", "paceLength": 10, "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": true, "steppedLine": false, "targets": [ { "expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Cluster", "refId": "C" }, { "expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Endpoints", "refId": "D" }, { "expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Listeners", "refId": "A" }, { "expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Routes", "refId": "E" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Pilot Pushes", "tooltip": { "shared": false, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [ "total" ] }, "yaxes": [ { "format": "ops", "label": null, "logBase": 1, "max": null, "min": "0", "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "description": "Captures a variety of pilot errors", "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 8, "y": 15 }, "id": 67, "legend": { "avg": false, "current": false, "hideEmpty": true, "hideZero": true, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(pilot_xds_cds_reject{job=\"pilot\"}) or (absent(pilot_xds_cds_reject{job=\"pilot\"}) - 1)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Rejected CDS Configs", "refId": "C" }, { "expr": "sum(pilot_xds_eds_reject{job=\"pilot\"}) or (absent(pilot_xds_eds_reject{job=\"pilot\"}) - 1)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Rejected EDS Configs", "refId": "D" }, { "expr": "sum(pilot_xds_rds_reject{job=\"pilot\"}) or (absent(pilot_xds_rds_reject{job=\"pilot\"}) - 1)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Rejected RDS Configs", "refId": "A" }, { "expr": "sum(pilot_xds_lds_reject{job=\"pilot\"}) or (absent(pilot_xds_lds_reject{job=\"pilot\"}) - 1)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Rejected LDS Configs", "refId": "B" }, { "expr": "sum(rate(pilot_xds_write_timeout{job=\"pilot\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Write Timeouts", "refId": "F" }, { "expr": "sum(rate(pilot_total_xds_internal_errors{job=\"pilot\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Internal Errors", "refId": "H" }, { "expr": "sum(rate(pilot_total_xds_rejects{job=\"pilot\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Config Rejection Rate", "refId": "E" }, { "expr": "sum(rate(pilot_xds_push_context_errors{job=\"pilot\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Push Context Errors", "refId": "K" }, { "expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)", "format": "time_series", "intervalFactor": 1, "legendFormat": "Push Errors ({{ type }})", "refId": "L" }, { "expr": "sum(rate(pilot_xds_push_errors{job=\"pilot\"}[1m])) by (type)", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Push Errors ({{ type }})", "refId": "I" }, { "expr": "sum(rate(pilot_xds_push_timeout{job=\"pilot\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Push Timeouts", "refId": "G" }, { "expr": "sum(rate(pilot_xds_push_timeout_failures{job=\"pilot\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Push Timeouts Failures", "refId": "J" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Pilot Errors", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "description": "Shows the total time it takes to push a config update to a proxy", "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 16, "y": 15 }, "id": 624, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 2, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", "format": "time_series", "intervalFactor": 1, "legendFormat": "p50 ", "refId": "A" }, { "expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", "format": "time_series", "intervalFactor": 1, "legendFormat": "p90", "refId": "B" }, { "expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", "format": "time_series", "intervalFactor": 1, "legendFormat": "p99", "refId": "C" }, { "expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))", "format": "time_series", "intervalFactor": 1, "legendFormat": "p99.9", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Proxy Push Time", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "s", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 0, "y": 23 }, "id": 45, "legend": { "avg": false, "current": false, "hideEmpty": true, "hideZero": true, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null as zero", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "pilot_conflict_inbound_listener{job=\"pilot\"}", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Inbound Listeners", "refId": "B" }, { "expr": "pilot_conflict_outbound_listener_http_over_current_tcp{job=\"pilot\"}", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Outbound Listeners (http over current tcp)", "refId": "A" }, { "expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{job=\"pilot\"}", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Outbound Listeners (tcp over current tcp)", "refId": "C" }, { "expr": "pilot_conflict_outbound_listener_tcp_over_current_http{job=\"pilot\"}", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "Outbound Listeners (tcp over current http)", "refId": "D" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Conflicts", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 8, "y": 23 }, "id": 47, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "pilot_virt_services{job=\"pilot\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Virtual Services", "refId": "A" }, { "expr": "pilot_services{job=\"pilot\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Services", "refId": "B" }, { "expr": "pilot_xds{job=\"pilot\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "Connected Endpoints", "refId": "E" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "ADS Monitoring", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "columns": [], "datasource": "Prometheus", "description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady", "fontSize": "100%", "gridPos": { "h": 8, "w": 8, "x": 16, "y": 23 }, "id": 51, "links": [], "pageSize": null, "scroll": true, "showHeader": true, "sort": { "col": null, "desc": false }, "styles": [ { "alias": "Time", "dateFormat": "YYYY-MM-DD HH:mm:ss", "pattern": "Time", "type": "date" }, { "alias": "Clusters", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "decimals": 2, "pattern": "/.*/", "thresholds": [], "type": "number", "unit": "short" } ], "targets": [ { "expr": "sum(pilot_xds_eds_instances{job=\"pilot\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1", "format": "time_series", "hide": false, "instant": true, "intervalFactor": 1, "legendFormat": "{{cluster}}", "refId": "B" } ], "timeFrom": null, "timeShift": null, "title": "Clusters with no known endpoints", "transform": "timeseries_aggregations", "type": "table" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 31 }, "id": 64, "panels": [], "title": "Envoy Information", "type": "row" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "description": "Shows details about Envoy proxies in the mesh", "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 0, "y": 32 }, "id": 40, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "XDS Connections", "refId": "C" }, { "expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "XDS Connection Failures", "refId": "A" }, { "expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "Envoy Restarts", "refId": "B" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Envoy Details", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "ops", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "ops", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 8, "y": 32 }, "id": 41, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "XDS Active Connections", "refId": "C", "step": 2 } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "XDS Active Connections", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "Prometheus", "description": "Shows the size of XDS requests and responses", "fill": 1, "gridPos": { "h": 8, "w": 8, "x": 16, "y": 32 }, "id": 42, "legend": { "avg": false, "current": false, "hideEmpty": false, "hideZero": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "XDS Response Bytes Max", "refId": "D" }, { "expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", "format": "time_series", "hide": false, "intervalFactor": 1, "legendFormat": "XDS Response Bytes Average", "refId": "B" }, { "expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "XDS Request Bytes Max", "refId": "A" }, { "expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))", "format": "time_series", "intervalFactor": 1, "legendFormat": "XDS Request Bytes Average", "refId": "C" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "XDS Requests Size", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "Bps", "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { "format": "ops", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } } ], "refresh": "5s", "schemaVersion": 18, "style": "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-5m", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "browser", "title": "Istio Pilot Dashboard", "uid": "3--MLVZZk", "version": 11 }' --- apiVersion: v1 kind: ConfigMap metadata: name: istio-grafana namespace: istio-system labels: app: grafana release: istio istio: grafana data: datasources.yaml: | apiVersion: 1 datasources: - access: proxy editable: true isDefault: true jsonData: timeInterval: 5s name: Prometheus orgId: 1 type: prometheus url: http://prometheus:9090 dashboardproviders.yaml: | apiVersion: 1 providers: - disableDeletion: false folder: istio name: istio options: path: /var/lib/grafana/dashboards/istio orgId: 1 type: file --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: grafana release: istio name: grafana namespace: istio-system spec: replicas: 1 selector: matchLabels: app: grafana template: metadata: annotations: sidecar.istio.io/inject: "false" labels: app: grafana chart: grafana heritage: Tiller release: istio-system spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - ppc64le weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - s390x weight: 2 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 - ppc64le - s390x containers: - env: - name: GRAFANA_PORT value: "3000" - name: GF_AUTH_BASIC_ENABLED value: "false" - name: GF_AUTH_ANONYMOUS_ENABLED value: "true" - name: GF_AUTH_ANONYMOUS_ORG_ROLE value: Admin - name: GF_PATHS_DATA value: /data/grafana image: grafana/grafana:6.5.2 imagePullPolicy: IfNotPresent name: grafana ports: - containerPort: 3000 readinessProbe: httpGet: path: /api/health port: 3000 resources: requests: cpu: 10m volumeMounts: - mountPath: /data/grafana name: data - mountPath: /var/lib/grafana/dashboards/istio/citadel-dashboard.json name: dashboards-istio-citadel-dashboard readOnly: true subPath: citadel-dashboard.json - mountPath: /var/lib/grafana/dashboards/istio/galley-dashboard.json name: dashboards-istio-galley-dashboard readOnly: true subPath: galley-dashboard.json - mountPath: /var/lib/grafana/dashboards/istio/istio-mesh-dashboard.json name: dashboards-istio-istio-mesh-dashboard readOnly: true subPath: istio-mesh-dashboard.json - mountPath: /var/lib/grafana/dashboards/istio/istio-performance-dashboard.json name: dashboards-istio-istio-performance-dashboard readOnly: true subPath: istio-performance-dashboard.json - mountPath: /var/lib/grafana/dashboards/istio/istio-service-dashboard.json name: dashboards-istio-istio-service-dashboard readOnly: true subPath: istio-service-dashboard.json - mountPath: /var/lib/grafana/dashboards/istio/istio-workload-dashboard.json name: dashboards-istio-istio-workload-dashboard readOnly: true subPath: istio-workload-dashboard.json - mountPath: /var/lib/grafana/dashboards/istio/mixer-dashboard.json name: dashboards-istio-mixer-dashboard readOnly: true subPath: mixer-dashboard.json - mountPath: /var/lib/grafana/dashboards/istio/pilot-dashboard.json name: dashboards-istio-pilot-dashboard readOnly: true subPath: pilot-dashboard.json - mountPath: /etc/grafana/provisioning/datasources/datasources.yaml name: config subPath: datasources.yaml - mountPath: /etc/grafana/provisioning/dashboards/dashboardproviders.yaml name: config subPath: dashboardproviders.yaml securityContext: fsGroup: 472 runAsUser: 472 volumes: - configMap: name: istio-grafana name: config - emptyDir: {} name: data - configMap: name: istio-grafana-configuration-dashboards-citadel-dashboard name: dashboards-istio-citadel-dashboard - configMap: name: istio-grafana-configuration-dashboards-galley-dashboard name: dashboards-istio-galley-dashboard - configMap: name: istio-grafana-configuration-dashboards-istio-mesh-dashboard name: dashboards-istio-istio-mesh-dashboard - configMap: name: istio-grafana-configuration-dashboards-istio-performance-dashboard name: dashboards-istio-istio-performance-dashboard - configMap: name: istio-grafana-configuration-dashboards-istio-service-dashboard name: dashboards-istio-istio-service-dashboard - configMap: name: istio-grafana-configuration-dashboards-istio-workload-dashboard name: dashboards-istio-istio-workload-dashboard - configMap: name: istio-grafana-configuration-dashboards-mixer-dashboard name: dashboards-istio-mixer-dashboard - configMap: name: istio-grafana-configuration-dashboards-pilot-dashboard name: dashboards-istio-pilot-dashboard --- apiVersion: authentication.istio.io/v1alpha1 kind: Policy metadata: name: grafana-ports-mtls-disabled namespace: istio-system labels: app: grafana release: istio spec: targets: - name: grafana ports: - number: 3000 --- apiVersion: v1 kind: Service metadata: name: grafana namespace: istio-system annotations: labels: app: grafana release: istio spec: type: ClusterIP ports: - port: 3000 targetPort: 3000 protocol: TCP name: http selector: app: grafana --- --- # AddonComponents istiocoredns component is disabled. --- # Resources for AddonComponents kiali component apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kiali labels: app: kiali release: istio rules: - apiGroups: [""] resources: - configmaps - endpoints - namespaces - nodes - pods - pods/log - replicationcontrollers - services verbs: - get - list - watch - apiGroups: ["extensions", "apps"] resources: - deployments - replicasets - statefulsets verbs: - get - list - watch - apiGroups: ["autoscaling"] resources: - horizontalpodautoscalers verbs: - get - list - watch - apiGroups: ["batch"] resources: - cronjobs - jobs verbs: - get - list - watch - apiGroups: - config.istio.io - networking.istio.io - authentication.istio.io - rbac.istio.io - security.istio.io resources: ["*"] verbs: - create - delete - get - list - patch - watch - apiGroups: ["monitoring.kiali.io"] resources: - monitoringdashboards verbs: - get - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kiali-viewer labels: app: kiali release: istio rules: - apiGroups: [""] resources: - configmaps - endpoints - namespaces - nodes - pods - pods/log - replicationcontrollers - services verbs: - get - list - watch - apiGroups: ["extensions", "apps"] resources: - deployments - replicasets - statefulsets verbs: - get - list - watch - apiGroups: ["autoscaling"] resources: - horizontalpodautoscalers verbs: - get - list - watch - apiGroups: ["batch"] resources: - cronjobs - jobs verbs: - get - list - watch - apiGroups: - config.istio.io - networking.istio.io - authentication.istio.io - rbac.istio.io - security.istio.io resources: ["*"] verbs: - get - list - watch - apiGroups: ["monitoring.kiali.io"] resources: - monitoringdashboards verbs: - get - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kiali labels: app: kiali release: istio roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kiali subjects: - kind: ServiceAccount name: kiali-service-account namespace: istio-system --- apiVersion: v1 kind: ConfigMap metadata: name: kiali namespace: istio-system labels: app: kiali release: istio data: config.yaml: | istio_component_namespaces: grafana: istio-system tracing: istio-system pilot: istio-system prometheus: istio-system istio_namespace: istio-system auth: strategy: login deployment: accessible_namespaces: ['**'] login_token: signing_key: "709ODxJwjb" server: port: 20001 web_root: /kiali external_services: istio: url_service_version: http://istio-pilot.istio-system:8080/version tracing: url: in_cluster_url: http://tracing/jaeger grafana: url: in_cluster_url: http://grafana:3000 prometheus: url: http://prometheus.istio-system:9090 --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: kiali release: istio name: kiali namespace: istio-system spec: replicas: 1 selector: matchLabels: app: kiali template: metadata: annotations: kiali.io/runtimes: go,kiali prometheus.io/port: "9090" prometheus.io/scrape: "true" scheduler.alpha.kubernetes.io/critical-pod: "" sidecar.istio.io/inject: "false" labels: app: kiali release: istio name: kiali spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - ppc64le weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - s390x weight: 2 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 - ppc64le - s390x containers: - command: - /opt/kiali/kiali - -config - /kiali-configuration/config.yaml - -v - "3" env: - name: ACTIVE_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: quay.io/kiali/kiali:v1.15 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /kiali/healthz port: 20001 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 30 name: kiali readinessProbe: httpGet: path: /kiali/healthz port: 20001 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 30 resources: requests: cpu: 10m volumeMounts: - mountPath: /kiali-configuration name: kiali-configuration - mountPath: /kiali-cert name: kiali-cert - mountPath: /kiali-secret name: kiali-secret serviceAccountName: kiali-service-account volumes: - configMap: name: kiali name: kiali-configuration - name: kiali-cert secret: optional: true secretName: istio.kiali-service-account - name: kiali-secret secret: optional: true secretName: kiali --- apiVersion: v1 kind: Service metadata: name: kiali namespace: istio-system annotations: labels: app: kiali release: istio spec: type: ClusterIP ports: - name: http-kiali protocol: TCP port: 20001 selector: app: kiali --- apiVersion: v1 kind: ServiceAccount metadata: name: kiali-service-account namespace: istio-system labels: app: kiali release: istio --- --- # Resources for AddonComponents prometheus component apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: prometheus-istio-system labels: app: prometheus release: istio rules: - apiGroups: [""] resources: - nodes - services - endpoints - pods - nodes/proxy verbs: ["get", "list", "watch"] - apiGroups: [""] resources: - configmaps verbs: ["get"] - nonResourceURLs: ["/metrics"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: prometheus-istio-system labels: app: prometheus release: istio roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: prometheus-istio-system subjects: - kind: ServiceAccount name: prometheus namespace: istio-system --- apiVersion: v1 kind: ConfigMap metadata: name: prometheus namespace: istio-system labels: app: prometheus release: istio data: prometheus.yml: |- global: scrape_interval: 15s scrape_configs: # Mixer scrapping. Defaults to Prometheus and mixer on same namespace. # - job_name: 'istio-mesh' kubernetes_sd_configs: - role: endpoints namespaces: names: - istio-system relabel_configs: - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: istio-telemetry;prometheus # Scrape config for envoy stats - job_name: 'envoy-stats' metrics_path: /stats/prometheus kubernetes_sd_configs: - role: pod relabel_configs: - source_labels: [__meta_kubernetes_pod_container_port_name] action: keep regex: '.*-envoy-prom' - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] action: replace regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:15090 target_label: __address__ - action: labeldrop regex: __meta_kubernetes_pod_label_(.+) - source_labels: [__meta_kubernetes_namespace] action: replace target_label: namespace - source_labels: [__meta_kubernetes_pod_name] action: replace target_label: pod_name - job_name: 'istio-policy' kubernetes_sd_configs: - role: endpoints namespaces: names: - istio-system relabel_configs: - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: istio-policy;http-policy-monitoring - job_name: 'istio-telemetry' kubernetes_sd_configs: - role: endpoints namespaces: names: - istio-system relabel_configs: - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: istio-telemetry;http-monitoring - job_name: 'pilot' kubernetes_sd_configs: - role: endpoints namespaces: names: - istio-system relabel_configs: - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: istio-pilot;http-monitoring - job_name: 'galley' kubernetes_sd_configs: - role: endpoints namespaces: names: - istio-system relabel_configs: - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: istio-galley;http-monitoring - job_name: 'citadel' kubernetes_sd_configs: - role: endpoints namespaces: names: - istio-system relabel_configs: - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: istio-citadel;http-monitoring - job_name: 'sidecar-injector' kubernetes_sd_configs: - role: endpoints namespaces: names: - istio-system relabel_configs: - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: istio-sidecar-injector;http-monitoring # scrape config for API servers - job_name: 'kubernetes-apiservers' kubernetes_sd_configs: - role: endpoints namespaces: names: - default scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token relabel_configs: - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: kubernetes;https # scrape config for nodes (kubelet) - job_name: 'kubernetes-nodes' scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: - role: node relabel_configs: - action: labelmap regex: __meta_kubernetes_node_label_(.+) - target_label: __address__ replacement: kubernetes.default.svc:443 - source_labels: [__meta_kubernetes_node_name] regex: (.+) target_label: __metrics_path__ replacement: /api/v1/nodes/${1}/proxy/metrics # Scrape config for Kubelet cAdvisor. # # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics # (those whose names begin with 'container_') have been removed from the # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to # retrieve those metrics. # # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with # the --cadvisor-port=0 Kubelet flag). # # This job is not necessary and should be removed in Kubernetes 1.6 and # earlier versions, or it will cause the metrics to be scraped twice. - job_name: 'kubernetes-cadvisor' scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: - role: node relabel_configs: - action: labelmap regex: __meta_kubernetes_node_label_(.+) - target_label: __address__ replacement: kubernetes.default.svc:443 - source_labels: [__meta_kubernetes_node_name] regex: (.+) target_label: __metrics_path__ replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor # scrape config for service endpoints. - job_name: 'kubernetes-service-endpoints' kubernetes_sd_configs: - role: endpoints relabel_configs: - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] action: keep regex: true - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] action: replace target_label: __scheme__ regex: (https?) - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] action: replace target_label: __metrics_path__ regex: (.+) - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] action: replace target_label: __address__ regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:$2 - action: labelmap regex: __meta_kubernetes_service_label_(.+) - source_labels: [__meta_kubernetes_namespace] action: replace target_label: kubernetes_namespace - source_labels: [__meta_kubernetes_service_name] action: replace target_label: kubernetes_name - job_name: 'kubernetes-pods' kubernetes_sd_configs: - role: pod relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] action: keep regex: true - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status] action: drop regex: (.+) - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] action: drop regex: (true) - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] action: replace target_label: __metrics_path__ regex: (.+) - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] action: replace regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:$2 target_label: __address__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - source_labels: [__meta_kubernetes_namespace] action: replace target_label: namespace - source_labels: [__meta_kubernetes_pod_name] action: replace target_label: pod_name --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: prometheus release: istio name: prometheus namespace: istio-system spec: replicas: 1 selector: matchLabels: app: prometheus template: metadata: annotations: sidecar.istio.io/inject: "false" labels: app: prometheus release: istio spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - ppc64le weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - s390x weight: 2 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 - ppc64le - s390x containers: - args: - --storage.tsdb.retention=6h - --config.file=/etc/prometheus/prometheus.yml image: docker.io/prom/prometheus:v2.15.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /-/healthy port: 9090 name: prometheus ports: - containerPort: 9090 name: http readinessProbe: httpGet: path: /-/ready port: 9090 resources: requests: cpu: 10m volumeMounts: - mountPath: /etc/prometheus name: config-volume - mountPath: /etc/istio-certs name: istio-certs - args: - proxy - sidecar - --domain - $(POD_NAMESPACE).svc.cluster.local - --configPath - /etc/istio/proxy - --binaryPath - /usr/local/bin/envoy - --serviceCluster - istio-proxy-prometheus - --drainDuration - 45s - --parentShutdownDuration - 1m0s - --discoveryAddress - istio-pilot.istio-system.svc:15012 - --proxyLogLevel=warning - --proxyComponentLogLevel=misc:error - --connectTimeout - 10s - --proxyAdminPort - "15000" - --controlPlaneAuthPolicy - NONE - --dnsRefreshRate - 300s - --statusPort - "15020" - --trust-domain=cluster.local - --controlPlaneBootstrap=false env: - name: OUTPUT_CERTS value: /etc/istio-certs - name: JWT_POLICY value: third-party-jwt - name: PILOT_CERT_PROVIDER value: istiod - name: CA_ADDR value: istio-pilot.istio-system.svc:15012 - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: fieldPath: status.podIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: fieldPath: spec.serviceAccountName - name: HOST_IP valueFrom: fieldRef: fieldPath: status.hostIP - name: ISTIO_META_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: ISTIO_META_CONFIG_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: ISTIO_META_MESH_ID value: cluster.local - name: ISTIO_META_CLUSTER_ID value: Kubernetes image: docker.io/istio/proxyv2:1.5.1 imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 15090 name: http-envoy-prom protocol: TCP readinessProbe: failureThreshold: 30 httpGet: path: /healthz/ready port: 15020 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 2 successThreshold: 1 timeoutSeconds: 1 volumeMounts: - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /var/run/secrets/tokens name: istio-token - mountPath: /etc/istio-certs/ name: istio-certs serviceAccountName: prometheus volumes: - configMap: name: prometheus name: config-volume - emptyDir: medium: Memory name: istio-certs - emptyDir: medium: Memory name: istio-envoy - name: istio-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - configMap: defaultMode: 420 name: istio-ca-root-cert name: istiod-ca-cert --- apiVersion: v1 kind: Service metadata: name: prometheus namespace: istio-system annotations: prometheus.io/scrape: 'true' labels: app: prometheus release: istio spec: selector: app: prometheus ports: - name: http-prometheus protocol: TCP port: 9090 --- apiVersion: v1 kind: ServiceAccount metadata: name: prometheus namespace: istio-system labels: app: prometheus release: istio --- --- # AddonComponents istio-tracing component is disabled. # Resources for Base component apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: istio-reader-istio-system labels: app: istio-reader release: istio rules: - apiGroups: - "config.istio.io" - "rbac.istio.io" - "security.istio.io" - "networking.istio.io" - "authentication.istio.io" resources: ["*"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers"] verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: istio-reader-istio-system labels: app: istio-reader release: istio roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: istio-reader-istio-system subjects: - kind: ServiceAccount name: istio-reader-service-account namespace: istio-system --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-citadel chart: istio heritage: Tiller release: istio name: meshpolicies.authentication.istio.io spec: group: authentication.istio.io names: categories: - istio-io - authentication-istio-io kind: MeshPolicy listKind: MeshPolicyList plural: meshpolicies singular: meshpolicy scope: Cluster subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Authentication policy for Istio services. See more details at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' properties: originIsOptional: description: Deprecated. type: boolean origins: description: Deprecated. items: properties: jwt: description: Jwt params for the method. properties: audiences: items: format: string type: string type: array issuer: description: Identifies the issuer that issued the JWT. format: string type: string jwks: description: JSON Web Key Set of public keys to validate signature of the JWT. format: string type: string jwks_uri: format: string type: string jwksUri: format: string type: string jwt_headers: description: JWT is sent in a request header. items: format: string type: string type: array jwtHeaders: description: JWT is sent in a request header. items: format: string type: string type: array jwtParams: description: JWT is sent in a query parameter. items: format: string type: string type: array trigger_rules: items: properties: excluded_paths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array excludedPaths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array included_paths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array includedPaths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array type: object type: array triggerRules: items: properties: excluded_paths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array excludedPaths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array included_paths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array includedPaths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array type: object type: array type: object type: object type: array peerIsOptional: description: Deprecated. type: boolean peers: description: List of authentication methods that can be used for peer authentication. items: oneOf: - required: - mtls - properties: jwt: {} required: - jwt properties: jwt: properties: audiences: items: format: string type: string type: array issuer: description: Identifies the issuer that issued the JWT. format: string type: string jwks: description: JSON Web Key Set of public keys to validate signature of the JWT. format: string type: string jwks_uri: format: string type: string jwksUri: format: string type: string jwt_headers: description: JWT is sent in a request header. items: format: string type: string type: array jwtHeaders: description: JWT is sent in a request header. items: format: string type: string type: array jwtParams: description: JWT is sent in a query parameter. items: format: string type: string type: array trigger_rules: items: properties: excluded_paths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array excludedPaths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array included_paths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array includedPaths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array type: object type: array triggerRules: items: properties: excluded_paths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array excludedPaths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array included_paths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array includedPaths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array type: object type: array type: object mtls: description: Set if mTLS is used. properties: allowTls: description: Deprecated. type: boolean mode: description: Defines the mode of mTLS authentication. enum: - STRICT - PERMISSIVE type: string type: object type: object type: array principalBinding: description: Deprecated. enum: - USE_PEER - USE_ORIGIN type: string targets: description: Deprecated. items: properties: name: description: The name must be a short name from the service registry. format: string type: string ports: description: Specifies the ports. items: oneOf: - required: - number - required: - name properties: name: format: string type: string number: type: integer type: object type: array type: object type: array type: object type: object versions: - name: v1alpha1 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-citadel chart: istio heritage: Tiller release: istio name: policies.authentication.istio.io spec: group: authentication.istio.io names: categories: - istio-io - authentication-istio-io kind: Policy listKind: PolicyList plural: policies singular: policy scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Authentication policy for Istio services. See more details at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' properties: originIsOptional: description: Deprecated. type: boolean origins: description: Deprecated. items: properties: jwt: description: Jwt params for the method. properties: audiences: items: format: string type: string type: array issuer: description: Identifies the issuer that issued the JWT. format: string type: string jwks: description: JSON Web Key Set of public keys to validate signature of the JWT. format: string type: string jwks_uri: format: string type: string jwksUri: format: string type: string jwt_headers: description: JWT is sent in a request header. items: format: string type: string type: array jwtHeaders: description: JWT is sent in a request header. items: format: string type: string type: array jwtParams: description: JWT is sent in a query parameter. items: format: string type: string type: array trigger_rules: items: properties: excluded_paths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array excludedPaths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array included_paths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array includedPaths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array type: object type: array triggerRules: items: properties: excluded_paths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array excludedPaths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array included_paths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array includedPaths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array type: object type: array type: object type: object type: array peerIsOptional: description: Deprecated. type: boolean peers: description: List of authentication methods that can be used for peer authentication. items: oneOf: - required: - mtls - properties: jwt: {} required: - jwt properties: jwt: properties: audiences: items: format: string type: string type: array issuer: description: Identifies the issuer that issued the JWT. format: string type: string jwks: description: JSON Web Key Set of public keys to validate signature of the JWT. format: string type: string jwks_uri: format: string type: string jwksUri: format: string type: string jwt_headers: description: JWT is sent in a request header. items: format: string type: string type: array jwtHeaders: description: JWT is sent in a request header. items: format: string type: string type: array jwtParams: description: JWT is sent in a query parameter. items: format: string type: string type: array trigger_rules: items: properties: excluded_paths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array excludedPaths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array included_paths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array includedPaths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array type: object type: array triggerRules: items: properties: excluded_paths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array excludedPaths: description: List of paths to be excluded from the request. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array included_paths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array includedPaths: description: List of paths that the request must include. items: oneOf: - required: - exact - required: - prefix - required: - suffix - required: - regex properties: exact: description: exact string match. format: string type: string prefix: description: prefix-based match. format: string type: string regex: description: ECMAscript style regex-based match as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). format: string type: string suffix: description: suffix-based match. format: string type: string type: object type: array type: object type: array type: object mtls: description: Set if mTLS is used. properties: allowTls: description: Deprecated. type: boolean mode: description: Defines the mode of mTLS authentication. enum: - STRICT - PERMISSIVE type: string type: object type: object type: array principalBinding: description: Deprecated. enum: - USE_PEER - USE_ORIGIN type: string targets: description: Deprecated. items: properties: name: description: The name must be a short name from the service registry. format: string type: string ports: description: Specifies the ports. items: oneOf: - required: - number - required: - name properties: name: format: string type: string number: type: integer type: object type: array type: object type: array type: object type: object versions: - name: v1alpha1 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-mixer chart: istio heritage: Tiller release: istio name: httpapispecs.config.istio.io spec: group: config.istio.io names: categories: - istio-io - apim-istio-io kind: HTTPAPISpec listKind: HTTPAPISpecList plural: httpapispecs singular: httpapispec scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: properties: api_keys: items: oneOf: - required: - query - required: - header - required: - cookie properties: cookie: format: string type: string header: description: API key is sent in a request header. format: string type: string query: description: API Key is sent as a query parameter. format: string type: string type: object type: array apiKeys: items: oneOf: - required: - query - required: - header - required: - cookie properties: cookie: format: string type: string header: description: API key is sent in a request header. format: string type: string query: description: API Key is sent as a query parameter. format: string type: string type: object type: array attributes: properties: attributes: additionalProperties: oneOf: - required: - stringValue - required: - int64Value - required: - doubleValue - required: - boolValue - required: - bytesValue - required: - timestampValue - required: - durationValue - required: - stringMapValue properties: boolValue: type: boolean bytesValue: format: binary type: string doubleValue: format: double type: number durationValue: type: string int64Value: format: int64 type: integer stringMapValue: properties: entries: additionalProperties: format: string type: string description: Holds a set of name/value pairs. type: object type: object stringValue: format: string type: string timestampValue: format: dateTime type: string type: object description: A map of attribute name to its value. type: object type: object patterns: description: List of HTTP patterns to match. items: oneOf: - required: - uriTemplate - required: - regex properties: attributes: properties: attributes: additionalProperties: oneOf: - required: - stringValue - required: - int64Value - required: - doubleValue - required: - boolValue - required: - bytesValue - required: - timestampValue - required: - durationValue - required: - stringMapValue properties: boolValue: type: boolean bytesValue: format: binary type: string doubleValue: format: double type: number durationValue: type: string int64Value: format: int64 type: integer stringMapValue: properties: entries: additionalProperties: format: string type: string description: Holds a set of name/value pairs. type: object type: object stringValue: format: string type: string timestampValue: format: dateTime type: string type: object description: A map of attribute name to its value. type: object type: object httpMethod: format: string type: string regex: format: string type: string uriTemplate: format: string type: string type: object type: array type: object type: object versions: - name: v1alpha2 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-mixer chart: istio heritage: Tiller release: istio name: httpapispecbindings.config.istio.io spec: group: config.istio.io names: categories: - istio-io - apim-istio-io kind: HTTPAPISpecBinding listKind: HTTPAPISpecBindingList plural: httpapispecbindings singular: httpapispecbinding scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: properties: api_specs: items: properties: name: description: The short name of the HTTPAPISpec. format: string type: string namespace: description: Optional namespace of the HTTPAPISpec. format: string type: string type: object type: array apiSpecs: items: properties: name: description: The short name of the HTTPAPISpec. format: string type: string namespace: description: Optional namespace of the HTTPAPISpec. format: string type: string type: object type: array services: description: One or more services to map the listed HTTPAPISpec onto. items: properties: domain: description: Domain suffix used to construct the service FQDN in implementations that support such specification. format: string type: string labels: additionalProperties: format: string type: string description: Optional one or more labels that uniquely identify the service version. type: object name: description: The short name of the service such as "foo". format: string type: string namespace: description: Optional namespace of the service. format: string type: string service: description: The service FQDN. format: string type: string type: object type: array type: object type: object versions: - name: v1alpha2 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-mixer chart: istio heritage: Tiller release: istio name: quotaspecs.config.istio.io spec: group: config.istio.io names: categories: - istio-io - apim-istio-io kind: QuotaSpec listKind: QuotaSpecList plural: quotaspecs singular: quotaspec scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: Determines the quotas used for individual requests. properties: rules: description: A list of Quota rules. items: properties: match: description: If empty, match all request. items: properties: clause: additionalProperties: oneOf: - required: - exact - required: - prefix - required: - regex properties: exact: format: string type: string prefix: format: string type: string regex: format: string type: string type: object description: Map of attribute names to StringMatch type. type: object type: object type: array quotas: description: The list of quotas to charge. items: properties: charge: format: int32 type: integer quota: format: string type: string type: object type: array type: object type: array type: object type: object versions: - name: v1alpha2 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-mixer chart: istio heritage: Tiller release: istio name: quotaspecbindings.config.istio.io spec: group: config.istio.io names: categories: - istio-io - apim-istio-io kind: QuotaSpecBinding listKind: QuotaSpecBindingList plural: quotaspecbindings singular: quotaspecbinding scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: properties: quotaSpecs: items: properties: name: description: The short name of the QuotaSpec. format: string type: string namespace: description: Optional namespace of the QuotaSpec. format: string type: string type: object type: array services: description: One or more services to map the listed QuotaSpec onto. items: properties: domain: description: Domain suffix used to construct the service FQDN in implementations that support such specification. format: string type: string labels: additionalProperties: format: string type: string description: Optional one or more labels that uniquely identify the service version. type: object name: description: The short name of the service such as "foo". format: string type: string namespace: description: Optional namespace of the service. format: string type: string service: description: The service FQDN. format: string type: string type: object type: array type: object type: object versions: - name: v1alpha2 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio heritage: Tiller release: istio name: destinationrules.networking.istio.io spec: additionalPrinterColumns: - JSONPath: .spec.host description: The name of a service from the service registry name: Host type: string - JSONPath: .metadata.creationTimestamp description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' name: Age type: date group: networking.istio.io names: categories: - istio-io - networking-istio-io kind: DestinationRule listKind: DestinationRuleList plural: destinationrules shortNames: - dr singular: destinationrule scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' properties: exportTo: description: A list of namespaces to which this destination rule is exported. items: format: string type: string type: array host: description: The name of a service from the service registry. format: string type: string subsets: items: properties: labels: additionalProperties: format: string type: string type: object name: description: Name of the subset. format: string type: string trafficPolicy: description: Traffic policies that apply to this subset. properties: connectionPool: properties: http: description: HTTP connection pool settings. properties: h2UpgradePolicy: description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. enum: - DEFAULT - DO_NOT_UPGRADE - UPGRADE type: string http1MaxPendingRequests: description: Maximum number of pending HTTP requests to a destination. format: int32 type: integer http2MaxRequests: description: Maximum number of requests to a backend. format: int32 type: integer idleTimeout: description: The idle timeout for upstream connection pool connections. type: string maxRequestsPerConnection: description: Maximum number of requests per connection to a backend. format: int32 type: integer maxRetries: format: int32 type: integer type: object tcp: description: Settings common to both HTTP and TCP upstream connections. properties: connectTimeout: description: TCP connection timeout. type: string maxConnections: description: Maximum number of HTTP1 /TCP connections to a destination host. format: int32 type: integer tcpKeepalive: description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. properties: interval: description: The time duration between keep-alive probes. type: string probes: type: integer time: type: string type: object type: object type: object loadBalancer: description: Settings controlling the load balancer algorithms. oneOf: - required: - simple - properties: consistentHash: oneOf: - required: - httpHeaderName - required: - httpCookie - required: - useSourceIp required: - consistentHash properties: consistentHash: properties: httpCookie: description: Hash based on HTTP cookie. properties: name: description: Name of the cookie. format: string type: string path: description: Path to set for the cookie. format: string type: string ttl: description: Lifetime of the cookie. type: string type: object httpHeaderName: description: Hash based on a specific HTTP header. format: string type: string minimumRingSize: type: integer useSourceIp: description: Hash based on the source IP address. type: boolean type: object localityLbSetting: properties: distribute: description: 'Optional: only one of distribute or failover can be set.' items: properties: from: description: Originating locality, '/' separated, e.g. format: string type: string to: additionalProperties: type: integer description: Map of upstream localities to traffic distribution weights. type: object type: object type: array enabled: description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. type: boolean failover: description: 'Optional: only failover or distribute can be set.' items: properties: from: description: Originating region. format: string type: string to: format: string type: string type: object type: array type: object simple: enum: - ROUND_ROBIN - LEAST_CONN - RANDOM - PASSTHROUGH type: string type: object outlierDetection: properties: baseEjectionTime: description: Minimum ejection duration. type: string consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. type: integer consecutiveErrors: format: int32 type: integer consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. type: integer interval: description: Time interval between ejection sweep analysis. type: string maxEjectionPercent: format: int32 type: integer minHealthPercent: format: int32 type: integer type: object portLevelSettings: description: Traffic policies specific to individual ports. items: properties: connectionPool: properties: http: description: HTTP connection pool settings. properties: h2UpgradePolicy: description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. enum: - DEFAULT - DO_NOT_UPGRADE - UPGRADE type: string http1MaxPendingRequests: description: Maximum number of pending HTTP requests to a destination. format: int32 type: integer http2MaxRequests: description: Maximum number of requests to a backend. format: int32 type: integer idleTimeout: description: The idle timeout for upstream connection pool connections. type: string maxRequestsPerConnection: description: Maximum number of requests per connection to a backend. format: int32 type: integer maxRetries: format: int32 type: integer type: object tcp: description: Settings common to both HTTP and TCP upstream connections. properties: connectTimeout: description: TCP connection timeout. type: string maxConnections: description: Maximum number of HTTP1 /TCP connections to a destination host. format: int32 type: integer tcpKeepalive: description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. properties: interval: description: The time duration between keep-alive probes. type: string probes: type: integer time: type: string type: object type: object type: object loadBalancer: description: Settings controlling the load balancer algorithms. oneOf: - required: - simple - properties: consistentHash: oneOf: - required: - httpHeaderName - required: - httpCookie - required: - useSourceIp required: - consistentHash properties: consistentHash: properties: httpCookie: description: Hash based on HTTP cookie. properties: name: description: Name of the cookie. format: string type: string path: description: Path to set for the cookie. format: string type: string ttl: description: Lifetime of the cookie. type: string type: object httpHeaderName: description: Hash based on a specific HTTP header. format: string type: string minimumRingSize: type: integer useSourceIp: description: Hash based on the source IP address. type: boolean type: object localityLbSetting: properties: distribute: description: 'Optional: only one of distribute or failover can be set.' items: properties: from: description: Originating locality, '/' separated, e.g. format: string type: string to: additionalProperties: type: integer description: Map of upstream localities to traffic distribution weights. type: object type: object type: array enabled: description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. type: boolean failover: description: 'Optional: only failover or distribute can be set.' items: properties: from: description: Originating region. format: string type: string to: format: string type: string type: object type: array type: object simple: enum: - ROUND_ROBIN - LEAST_CONN - RANDOM - PASSTHROUGH type: string type: object outlierDetection: properties: baseEjectionTime: description: Minimum ejection duration. type: string consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. type: integer consecutiveErrors: format: int32 type: integer consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. type: integer interval: description: Time interval between ejection sweep analysis. type: string maxEjectionPercent: format: int32 type: integer minHealthPercent: format: int32 type: integer type: object port: properties: number: type: integer type: object tls: description: TLS related settings for connections to the upstream service. properties: caCertificates: format: string type: string clientCertificate: description: REQUIRED if mode is `MUTUAL`. format: string type: string mode: enum: - DISABLE - SIMPLE - MUTUAL - ISTIO_MUTUAL type: string privateKey: description: REQUIRED if mode is `MUTUAL`. format: string type: string sni: description: SNI string to present to the server during TLS handshake. format: string type: string subjectAltNames: items: format: string type: string type: array type: object type: object type: array tls: description: TLS related settings for connections to the upstream service. properties: caCertificates: format: string type: string clientCertificate: description: REQUIRED if mode is `MUTUAL`. format: string type: string mode: enum: - DISABLE - SIMPLE - MUTUAL - ISTIO_MUTUAL type: string privateKey: description: REQUIRED if mode is `MUTUAL`. format: string type: string sni: description: SNI string to present to the server during TLS handshake. format: string type: string subjectAltNames: items: format: string type: string type: array type: object type: object type: object type: array trafficPolicy: properties: connectionPool: properties: http: description: HTTP connection pool settings. properties: h2UpgradePolicy: description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. enum: - DEFAULT - DO_NOT_UPGRADE - UPGRADE type: string http1MaxPendingRequests: description: Maximum number of pending HTTP requests to a destination. format: int32 type: integer http2MaxRequests: description: Maximum number of requests to a backend. format: int32 type: integer idleTimeout: description: The idle timeout for upstream connection pool connections. type: string maxRequestsPerConnection: description: Maximum number of requests per connection to a backend. format: int32 type: integer maxRetries: format: int32 type: integer type: object tcp: description: Settings common to both HTTP and TCP upstream connections. properties: connectTimeout: description: TCP connection timeout. type: string maxConnections: description: Maximum number of HTTP1 /TCP connections to a destination host. format: int32 type: integer tcpKeepalive: description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. properties: interval: description: The time duration between keep-alive probes. type: string probes: type: integer time: type: string type: object type: object type: object loadBalancer: description: Settings controlling the load balancer algorithms. oneOf: - required: - simple - properties: consistentHash: oneOf: - required: - httpHeaderName - required: - httpCookie - required: - useSourceIp required: - consistentHash properties: consistentHash: properties: httpCookie: description: Hash based on HTTP cookie. properties: name: description: Name of the cookie. format: string type: string path: description: Path to set for the cookie. format: string type: string ttl: description: Lifetime of the cookie. type: string type: object httpHeaderName: description: Hash based on a specific HTTP header. format: string type: string minimumRingSize: type: integer useSourceIp: description: Hash based on the source IP address. type: boolean type: object localityLbSetting: properties: distribute: description: 'Optional: only one of distribute or failover can be set.' items: properties: from: description: Originating locality, '/' separated, e.g. format: string type: string to: additionalProperties: type: integer description: Map of upstream localities to traffic distribution weights. type: object type: object type: array enabled: description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. type: boolean failover: description: 'Optional: only failover or distribute can be set.' items: properties: from: description: Originating region. format: string type: string to: format: string type: string type: object type: array type: object simple: enum: - ROUND_ROBIN - LEAST_CONN - RANDOM - PASSTHROUGH type: string type: object outlierDetection: properties: baseEjectionTime: description: Minimum ejection duration. type: string consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. type: integer consecutiveErrors: format: int32 type: integer consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. type: integer interval: description: Time interval between ejection sweep analysis. type: string maxEjectionPercent: format: int32 type: integer minHealthPercent: format: int32 type: integer type: object portLevelSettings: description: Traffic policies specific to individual ports. items: properties: connectionPool: properties: http: description: HTTP connection pool settings. properties: h2UpgradePolicy: description: Specify if http1.1 connection should be upgraded to http2 for the associated destination. enum: - DEFAULT - DO_NOT_UPGRADE - UPGRADE type: string http1MaxPendingRequests: description: Maximum number of pending HTTP requests to a destination. format: int32 type: integer http2MaxRequests: description: Maximum number of requests to a backend. format: int32 type: integer idleTimeout: description: The idle timeout for upstream connection pool connections. type: string maxRequestsPerConnection: description: Maximum number of requests per connection to a backend. format: int32 type: integer maxRetries: format: int32 type: integer type: object tcp: description: Settings common to both HTTP and TCP upstream connections. properties: connectTimeout: description: TCP connection timeout. type: string maxConnections: description: Maximum number of HTTP1 /TCP connections to a destination host. format: int32 type: integer tcpKeepalive: description: If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. properties: interval: description: The time duration between keep-alive probes. type: string probes: type: integer time: type: string type: object type: object type: object loadBalancer: description: Settings controlling the load balancer algorithms. oneOf: - required: - simple - properties: consistentHash: oneOf: - required: - httpHeaderName - required: - httpCookie - required: - useSourceIp required: - consistentHash properties: consistentHash: properties: httpCookie: description: Hash based on HTTP cookie. properties: name: description: Name of the cookie. format: string type: string path: description: Path to set for the cookie. format: string type: string ttl: description: Lifetime of the cookie. type: string type: object httpHeaderName: description: Hash based on a specific HTTP header. format: string type: string minimumRingSize: type: integer useSourceIp: description: Hash based on the source IP address. type: boolean type: object localityLbSetting: properties: distribute: description: 'Optional: only one of distribute or failover can be set.' items: properties: from: description: Originating locality, '/' separated, e.g. format: string type: string to: additionalProperties: type: integer description: Map of upstream localities to traffic distribution weights. type: object type: object type: array enabled: description: enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. type: boolean failover: description: 'Optional: only failover or distribute can be set.' items: properties: from: description: Originating region. format: string type: string to: format: string type: string type: object type: array type: object simple: enum: - ROUND_ROBIN - LEAST_CONN - RANDOM - PASSTHROUGH type: string type: object outlierDetection: properties: baseEjectionTime: description: Minimum ejection duration. type: string consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. type: integer consecutiveErrors: format: int32 type: integer consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. type: integer interval: description: Time interval between ejection sweep analysis. type: string maxEjectionPercent: format: int32 type: integer minHealthPercent: format: int32 type: integer type: object port: properties: number: type: integer type: object tls: description: TLS related settings for connections to the upstream service. properties: caCertificates: format: string type: string clientCertificate: description: REQUIRED if mode is `MUTUAL`. format: string type: string mode: enum: - DISABLE - SIMPLE - MUTUAL - ISTIO_MUTUAL type: string privateKey: description: REQUIRED if mode is `MUTUAL`. format: string type: string sni: description: SNI string to present to the server during TLS handshake. format: string type: string subjectAltNames: items: format: string type: string type: array type: object type: object type: array tls: description: TLS related settings for connections to the upstream service. properties: caCertificates: format: string type: string clientCertificate: description: REQUIRED if mode is `MUTUAL`. format: string type: string mode: enum: - DISABLE - SIMPLE - MUTUAL - ISTIO_MUTUAL type: string privateKey: description: REQUIRED if mode is `MUTUAL`. format: string type: string sni: description: SNI string to present to the server during TLS handshake. format: string type: string subjectAltNames: items: format: string type: string type: array type: object type: object type: object type: object versions: - name: v1alpha3 served: true storage: true - name: v1beta1 served: true storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio heritage: Tiller release: istio name: envoyfilters.networking.istio.io spec: group: networking.istio.io names: categories: - istio-io - networking-istio-io kind: EnvoyFilter listKind: EnvoyFilterList plural: envoyfilters singular: envoyfilter scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Customizing Envoy configuration generated by Istio. See more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' properties: configPatches: description: One or more patches with match conditions. items: properties: applyTo: enum: - INVALID - LISTENER - FILTER_CHAIN - NETWORK_FILTER - HTTP_FILTER - ROUTE_CONFIGURATION - VIRTUAL_HOST - HTTP_ROUTE - CLUSTER type: string match: description: Match on listener/route configuration/cluster. oneOf: - required: - listener - required: - routeConfiguration - required: - cluster properties: cluster: description: Match on envoy cluster attributes. properties: name: description: The exact name of the cluster to match. format: string type: string portNumber: description: The service port for which this cluster was generated. type: integer service: description: The fully qualified service name for this cluster. format: string type: string subset: description: The subset associated with the service. format: string type: string type: object context: description: The specific config generation context to match on. enum: - ANY - SIDECAR_INBOUND - SIDECAR_OUTBOUND - GATEWAY type: string listener: description: Match on envoy listener attributes. properties: filterChain: description: Match a specific filter chain in a listener. properties: applicationProtocols: description: Applies only to sidecars. format: string type: string filter: description: The name of a specific filter to apply the patch to. properties: name: description: The filter name to match on. format: string type: string subFilter: properties: name: description: The filter name to match on. format: string type: string type: object type: object name: description: The name assigned to the filter chain. format: string type: string sni: description: The SNI value used by a filter chain's match condition. format: string type: string transportProtocol: description: Applies only to SIDECAR_INBOUND context. format: string type: string type: object name: description: Match a specific listener by its name. format: string type: string portName: format: string type: string portNumber: type: integer type: object proxy: description: Match on properties associated with a proxy. properties: metadata: additionalProperties: format: string type: string type: object proxyVersion: format: string type: string type: object routeConfiguration: description: Match on envoy HTTP route configuration attributes. properties: gateway: format: string type: string name: description: Route configuration name to match on. format: string type: string portName: description: Applicable only for GATEWAY context. format: string type: string portNumber: type: integer vhost: properties: name: format: string type: string route: description: Match a specific route within the virtual host. properties: action: description: Match a route with specific action type. enum: - ANY - ROUTE - REDIRECT - DIRECT_RESPONSE type: string name: format: string type: string type: object type: object type: object type: object patch: description: The patch to apply along with the operation. properties: operation: description: Determines how the patch should be applied. enum: - INVALID - MERGE - ADD - REMOVE - INSERT_BEFORE - INSERT_AFTER - INSERT_FIRST type: string value: description: The JSON config of the object being patched. type: object type: object type: object type: array filters: items: properties: filterConfig: type: object filterName: description: The name of the filter to instantiate. format: string type: string filterType: description: The type of filter to instantiate. enum: - INVALID - HTTP - NETWORK type: string insertPosition: description: Insert position in the filter chain. properties: index: description: Position of this filter in the filter chain. enum: - FIRST - LAST - BEFORE - AFTER type: string relativeTo: format: string type: string type: object listenerMatch: properties: address: description: One or more IP addresses to which the listener is bound. items: format: string type: string type: array listenerProtocol: description: Selects a class of listeners for the same protocol. enum: - ALL - HTTP - TCP type: string listenerType: description: Inbound vs outbound sidecar listener or gateway listener. enum: - ANY - SIDECAR_INBOUND - SIDECAR_OUTBOUND - GATEWAY type: string portNamePrefix: format: string type: string portNumber: type: integer type: object type: object type: array workloadLabels: additionalProperties: format: string type: string description: Deprecated. type: object workloadSelector: properties: labels: additionalProperties: format: string type: string type: object type: object type: object type: object versions: - name: v1alpha3 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio heritage: Tiller release: istio name: gateways.networking.istio.io spec: group: networking.istio.io names: categories: - istio-io - networking-istio-io kind: Gateway listKind: GatewayList plural: gateways shortNames: - gw singular: gateway scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Configuration affecting edge load balancer. See more details at: https://istio.io/docs/reference/config/networking/gateway.html' properties: selector: additionalProperties: format: string type: string type: object servers: description: A list of server specifications. items: properties: bind: format: string type: string defaultEndpoint: format: string type: string hosts: description: One or more hosts exposed by this gateway. items: format: string type: string type: array port: properties: name: description: Label assigned to the port. format: string type: string number: description: A valid non-negative integer port number. type: integer protocol: description: The protocol exposed on the port. format: string type: string type: object tls: description: Set of TLS related options that govern the server's behavior. properties: caCertificates: description: REQUIRED if mode is `MUTUAL`. format: string type: string cipherSuites: description: 'Optional: If specified, only support the specified cipher list.' items: format: string type: string type: array credentialName: format: string type: string httpsRedirect: type: boolean maxProtocolVersion: description: 'Optional: Maximum TLS protocol version.' enum: - TLS_AUTO - TLSV1_0 - TLSV1_1 - TLSV1_2 - TLSV1_3 type: string minProtocolVersion: description: 'Optional: Minimum TLS protocol version.' enum: - TLS_AUTO - TLSV1_0 - TLSV1_1 - TLSV1_2 - TLSV1_3 type: string mode: enum: - PASSTHROUGH - SIMPLE - MUTUAL - AUTO_PASSTHROUGH - ISTIO_MUTUAL type: string privateKey: description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. format: string type: string serverCertificate: description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. format: string type: string subjectAltNames: items: format: string type: string type: array verifyCertificateHash: items: format: string type: string type: array verifyCertificateSpki: items: format: string type: string type: array type: object type: object type: array type: object type: object versions: - name: v1alpha3 served: true storage: true - name: v1beta1 served: true storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio heritage: Tiller release: istio name: serviceentries.networking.istio.io spec: additionalPrinterColumns: - JSONPath: .spec.hosts description: The hosts associated with the ServiceEntry name: Hosts type: string - JSONPath: .spec.location description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL) name: Location type: string - JSONPath: .spec.resolution description: Service discovery mode for the hosts (NONE, STATIC, or DNS) name: Resolution type: string - JSONPath: .metadata.creationTimestamp description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' name: Age type: date group: networking.istio.io names: categories: - istio-io - networking-istio-io kind: ServiceEntry listKind: ServiceEntryList plural: serviceentries shortNames: - se singular: serviceentry scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html' properties: addresses: description: The virtual IP addresses associated with the service. items: format: string type: string type: array endpoints: description: One or more endpoints associated with the service. items: properties: address: format: string type: string labels: additionalProperties: format: string type: string description: One or more labels associated with the endpoint. type: object locality: description: The locality associated with the endpoint. format: string type: string network: format: string type: string ports: additionalProperties: type: integer description: Set of ports associated with the endpoint. type: object weight: description: The load balancing weight associated with the endpoint. type: integer type: object type: array exportTo: description: A list of namespaces to which this service is exported. items: format: string type: string type: array hosts: description: The hosts associated with the ServiceEntry. items: format: string type: string type: array location: enum: - MESH_EXTERNAL - MESH_INTERNAL type: string ports: description: The ports associated with the external service. items: properties: name: description: Label assigned to the port. format: string type: string number: description: A valid non-negative integer port number. type: integer protocol: description: The protocol exposed on the port. format: string type: string type: object type: array resolution: description: Service discovery mode for the hosts. enum: - NONE - STATIC - DNS type: string subjectAltNames: items: format: string type: string type: array type: object type: object versions: - name: v1alpha3 served: true storage: true - name: v1beta1 served: true storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio heritage: Tiller release: istio name: sidecars.networking.istio.io spec: group: networking.istio.io names: categories: - istio-io - networking-istio-io kind: Sidecar listKind: SidecarList plural: sidecars singular: sidecar scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Configuration affecting network reachability of a sidecar. See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' properties: egress: items: properties: bind: format: string type: string captureMode: enum: - DEFAULT - IPTABLES - NONE type: string hosts: items: format: string type: string type: array port: description: The port associated with the listener. properties: name: description: Label assigned to the port. format: string type: string number: description: A valid non-negative integer port number. type: integer protocol: description: The protocol exposed on the port. format: string type: string type: object type: object type: array ingress: items: properties: bind: description: The IP to which the listener should be bound. format: string type: string captureMode: enum: - DEFAULT - IPTABLES - NONE type: string defaultEndpoint: format: string type: string port: description: The port associated with the listener. properties: name: description: Label assigned to the port. format: string type: string number: description: A valid non-negative integer port number. type: integer protocol: description: The protocol exposed on the port. format: string type: string type: object type: object type: array outboundTrafficPolicy: description: This allows to configure the outbound traffic policy. properties: mode: enum: - REGISTRY_ONLY - ALLOW_ANY type: string type: object workloadSelector: properties: labels: additionalProperties: format: string type: string type: object type: object type: object type: object versions: - name: v1alpha3 served: true storage: true - name: v1beta1 served: true storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio heritage: Tiller release: istio name: virtualservices.networking.istio.io spec: additionalPrinterColumns: - JSONPath: .spec.gateways description: The names of gateways and sidecars that should apply these routes name: Gateways type: string - JSONPath: .spec.hosts description: The destination hosts to which traffic is being sent name: Hosts type: string - JSONPath: .metadata.creationTimestamp description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' name: Age type: date group: networking.istio.io names: categories: - istio-io - networking-istio-io kind: VirtualService listKind: VirtualServiceList plural: virtualservices shortNames: - vs singular: virtualservice scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Configuration affecting label/content routing, sni routing, etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' properties: exportTo: description: A list of namespaces to which this virtual service is exported. items: format: string type: string type: array gateways: description: The names of gateways and sidecars that should apply these routes. items: format: string type: string type: array hosts: description: The destination hosts to which traffic is being sent. items: format: string type: string type: array http: description: An ordered list of route rules for HTTP traffic. items: properties: corsPolicy: description: Cross-Origin Resource Sharing policy (CORS). properties: allowCredentials: type: boolean allowHeaders: items: format: string type: string type: array allowMethods: description: List of HTTP methods allowed to access the resource. items: format: string type: string type: array allowOrigin: description: The list of origins that are allowed to perform CORS requests. items: format: string type: string type: array allowOrigins: description: String patterns that match allowed origins. items: oneOf: - required: - exact - required: - prefix - required: - regex properties: exact: format: string type: string prefix: format: string type: string regex: format: string type: string type: object type: array exposeHeaders: items: format: string type: string type: array maxAge: type: string type: object fault: description: Fault injection policy to apply on HTTP traffic at the client side. properties: abort: oneOf: - required: - httpStatus - required: - grpcStatus - required: - http2Error properties: grpcStatus: format: string type: string http2Error: format: string type: string httpStatus: description: HTTP status code to use to abort the Http request. format: int32 type: integer percentage: description: Percentage of requests to be aborted with the error code provided. properties: value: format: double type: number type: object type: object delay: oneOf: - properties: percent: {} required: - fixedDelay - properties: percent: {} required: - exponentialDelay properties: exponentialDelay: type: string fixedDelay: description: Add a fixed delay before forwarding the request. type: string percent: description: Percentage of requests on which the delay will be injected (0-100). format: int32 type: integer percentage: description: Percentage of requests on which the delay will be injected. properties: value: format: double type: number type: object type: object type: object headers: properties: request: properties: add: additionalProperties: format: string type: string type: object remove: items: format: string type: string type: array set: additionalProperties: format: string type: string type: object type: object response: properties: add: additionalProperties: format: string type: string type: object remove: items: format: string type: string type: array set: additionalProperties: format: string type: string type: object type: object type: object match: items: properties: authority: oneOf: - required: - exact - required: - prefix - required: - regex properties: exact: format: string type: string prefix: format: string type: string regex: format: string type: string type: object gateways: description: Names of gateways where the rule should be applied. items: format: string type: string type: array headers: additionalProperties: oneOf: - required: - exact - required: - prefix - required: - regex properties: exact: format: string type: string prefix: format: string type: string regex: format: string type: string type: object type: object ignoreUriCase: description: Flag to specify whether the URI matching should be case-insensitive. type: boolean method: oneOf: - required: - exact - required: - prefix - required: - regex properties: exact: format: string type: string prefix: format: string type: string regex: format: string type: string type: object name: description: The name assigned to a match. format: string type: string port: description: Specifies the ports on the host that is being addressed. type: integer queryParams: additionalProperties: oneOf: - required: - exact - required: - prefix - required: - regex properties: exact: format: string type: string prefix: format: string type: string regex: format: string type: string type: object description: Query parameters for matching. type: object scheme: oneOf: - required: - exact - required: - prefix - required: - regex properties: exact: format: string type: string prefix: format: string type: string regex: format: string type: string type: object sourceLabels: additionalProperties: format: string type: string type: object uri: oneOf: - required: - exact - required: - prefix - required: - regex properties: exact: format: string type: string prefix: format: string type: string regex: format: string type: string type: object type: object type: array mirror: properties: host: description: The name of a service from the service registry. format: string type: string port: description: Specifies the port on the host that is being addressed. properties: number: type: integer type: object subset: description: The name of a subset within the service. format: string type: string type: object mirror_percent: description: Percentage of the traffic to be mirrored by the `mirror` field. type: integer mirrorPercent: description: Percentage of the traffic to be mirrored by the `mirror` field. type: integer mirrorPercentage: description: Percentage of the traffic to be mirrored by the `mirror` field. properties: value: format: double type: number type: object name: description: The name assigned to the route for debugging purposes. format: string type: string redirect: description: A HTTP rule can either redirect or forward (default) traffic. properties: authority: format: string type: string redirectCode: type: integer uri: format: string type: string type: object retries: description: Retry policy for HTTP requests. properties: attempts: description: Number of retries for a given request. format: int32 type: integer perTryTimeout: description: Timeout per retry attempt for a given request. type: string retryOn: description: Specifies the conditions under which retry takes place. format: string type: string type: object rewrite: description: Rewrite HTTP URIs and Authority headers. properties: authority: description: rewrite the Authority/Host header with this value. format: string type: string uri: format: string type: string type: object route: description: A HTTP rule can either redirect or forward (default) traffic. items: properties: destination: properties: host: description: The name of a service from the service registry. format: string type: string port: description: Specifies the port on the host that is being addressed. properties: number: type: integer type: object subset: description: The name of a subset within the service. format: string type: string type: object headers: properties: request: properties: add: additionalProperties: format: string type: string type: object remove: items: format: string type: string type: array set: additionalProperties: format: string type: string type: object type: object response: properties: add: additionalProperties: format: string type: string type: object remove: items: format: string type: string type: array set: additionalProperties: format: string type: string type: object type: object type: object weight: format: int32 type: integer type: object type: array timeout: description: Timeout for HTTP requests. type: string type: object type: array tcp: description: An ordered list of route rules for opaque TCP traffic. items: properties: match: items: properties: destinationSubnets: description: IPv4 or IPv6 ip addresses of destination with optional subnet. items: format: string type: string type: array gateways: description: Names of gateways where the rule should be applied. items: format: string type: string type: array port: description: Specifies the port on the host that is being addressed. type: integer sourceLabels: additionalProperties: format: string type: string type: object sourceSubnet: description: IPv4 or IPv6 ip address of source with optional subnet. format: string type: string type: object type: array route: description: The destination to which the connection should be forwarded to. items: properties: destination: properties: host: description: The name of a service from the service registry. format: string type: string port: description: Specifies the port on the host that is being addressed. properties: number: type: integer type: object subset: description: The name of a subset within the service. format: string type: string type: object weight: format: int32 type: integer type: object type: array type: object type: array tls: items: properties: match: items: properties: destinationSubnets: description: IPv4 or IPv6 ip addresses of destination with optional subnet. items: format: string type: string type: array gateways: description: Names of gateways where the rule should be applied. items: format: string type: string type: array port: description: Specifies the port on the host that is being addressed. type: integer sniHosts: description: SNI (server name indicator) to match on. items: format: string type: string type: array sourceLabels: additionalProperties: format: string type: string type: object type: object type: array route: description: The destination to which the connection should be forwarded to. items: properties: destination: properties: host: description: The name of a service from the service registry. format: string type: string port: description: Specifies the port on the host that is being addressed. properties: number: type: integer type: object subset: description: The name of a subset within the service. format: string type: string type: object weight: format: int32 type: integer type: object type: array type: object type: array type: object type: object versions: - name: v1alpha3 served: true storage: true - name: v1beta1 served: true storage: false --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: mixer chart: istio heritage: Tiller istio: core package: istio.io.mixer release: istio name: attributemanifests.config.istio.io spec: group: config.istio.io names: categories: - istio-io - policy-istio-io kind: attributemanifest listKind: attributemanifestList plural: attributemanifests singular: attributemanifest scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Describes the rules used to configure Mixer''s policy and telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' properties: attributes: additionalProperties: properties: description: description: A human-readable description of the attribute's purpose. format: string type: string valueType: description: The type of data carried by this attribute. enum: - VALUE_TYPE_UNSPECIFIED - STRING - INT64 - DOUBLE - BOOL - TIMESTAMP - IP_ADDRESS - EMAIL_ADDRESS - URI - DNS_NAME - DURATION - STRING_MAP type: string type: object description: The set of attributes this Istio component will be responsible for producing at runtime. type: object name: description: Name of the component producing these attributes. format: string type: string revision: description: The revision of this document. format: string type: string type: object type: object versions: - name: v1alpha2 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: mixer chart: istio heritage: Tiller istio: mixer-handler package: handler release: istio name: handlers.config.istio.io spec: group: config.istio.io names: categories: - istio-io - policy-istio-io kind: handler listKind: handlerList plural: handlers singular: handler scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: Handler allows the operator to configure a specific adapter implementation. properties: adapter: description: The name of a specific adapter implementation. format: string type: string compiledAdapter: description: The name of the compiled in adapter this handler instantiates. format: string type: string connection: description: Information on how to connect to the out-of-process adapter. properties: address: description: The address of the backend. format: string type: string authentication: description: Auth config for the connection to the backend. oneOf: - properties: tls: allOf: - oneOf: - required: - tokenPath - required: - oauth - oneOf: - required: - authHeader - required: - customHeader required: - tls - required: - mutual properties: mutual: properties: caCertificates: format: string type: string clientCertificate: description: The path to the file holding client certificate for mutual TLS. format: string type: string privateKey: description: The path to the file holding the private key for mutual TLS. format: string type: string serverName: description: Used to configure mixer mutual TLS client to supply server name for SNI. format: string type: string type: object tls: properties: authHeader: description: Access token is passed as authorization header. enum: - PLAIN - BEARER type: string caCertificates: format: string type: string customHeader: description: Customized header key to hold access token, e.g. format: string type: string oauth: description: Oauth config to fetch access token from auth provider. properties: clientId: description: OAuth client id for mixer. format: string type: string clientSecret: description: The path to the file holding the client secret for oauth. format: string type: string endpointParams: additionalProperties: format: string type: string description: Additional parameters for requests to the token endpoint. type: object scopes: description: List of requested permissions. items: format: string type: string type: array tokenUrl: description: The Resource server's token endpoint URL. format: string type: string type: object serverName: format: string type: string tokenPath: format: string type: string type: object type: object timeout: description: Timeout for remote calls to the backend. type: string type: object name: description: Must be unique in the entire Mixer configuration. format: string type: string params: description: Depends on adapter implementation. type: object type: object type: object versions: - name: v1alpha2 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: mixer chart: istio heritage: Tiller istio: mixer-instance package: instance release: istio name: instances.config.istio.io spec: group: config.istio.io names: categories: - istio-io - policy-istio-io kind: instance listKind: instanceList plural: instances singular: instance scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: An Instance tells Mixer how to create instances for particular template. properties: attributeBindings: additionalProperties: format: string type: string type: object compiledTemplate: description: The name of the compiled in template this instance creates instances for. format: string type: string name: format: string type: string params: description: Depends on referenced template. type: object template: description: The name of the template this instance creates instances for. format: string type: string type: object type: object versions: - name: v1alpha2 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: mixer chart: istio heritage: Tiller istio: core package: istio.io.mixer release: istio name: rules.config.istio.io spec: group: config.istio.io names: categories: - istio-io - policy-istio-io kind: rule listKind: ruleList plural: rules singular: rule scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Describes the rules used to configure Mixer''s policy and telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' properties: actions: description: The actions that will be executed when match evaluates to `true`. items: properties: handler: description: Fully qualified name of the handler to invoke. format: string type: string instances: items: format: string type: string type: array name: description: A handle to refer to the results of the action. format: string type: string type: object type: array match: description: Match is an attribute based predicate. format: string type: string requestHeaderOperations: items: properties: name: description: Header name literal value. format: string type: string operation: description: Header operation type. enum: - REPLACE - REMOVE - APPEND type: string values: description: Header value expressions. items: format: string type: string type: array type: object type: array responseHeaderOperations: items: properties: name: description: Header name literal value. format: string type: string operation: description: Header operation type. enum: - REPLACE - REMOVE - APPEND type: string values: description: Header value expressions. items: format: string type: string type: array type: object type: array sampling: properties: random: description: Provides filtering of actions based on random selection per request. properties: attributeExpression: description: Specifies an attribute expression to use to override the numerator in the `percent_sampled` field. format: string type: string percentSampled: description: The default sampling rate, expressed as a percentage. properties: denominator: description: Specifies the denominator. enum: - HUNDRED - TEN_THOUSAND type: string numerator: description: Specifies the numerator. type: integer type: object useIndependentRandomness: description: By default sampling will be based on the value of the request header `x-request-id`. type: boolean type: object rateLimit: properties: maxUnsampledEntries: description: Number of entries to allow during the `sampling_duration` before sampling is enforced. format: int64 type: integer samplingDuration: description: Window in which to enforce the sampling rate. type: string samplingRate: description: The rate at which to sample entries once the unsampled limit has been reached. format: int64 type: integer type: object type: object type: object type: object versions: - name: v1alpha2 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio heritage: Tiller istio: rbac release: istio name: clusterrbacconfigs.rbac.istio.io spec: group: rbac.istio.io names: categories: - istio-io - rbac-istio-io kind: ClusterRbacConfig listKind: ClusterRbacConfigList plural: clusterrbacconfigs singular: clusterrbacconfig scope: Cluster subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' properties: enforcementMode: enum: - ENFORCED - PERMISSIVE type: string exclusion: description: A list of services or namespaces that should not be enforced by Istio RBAC policies. properties: namespaces: description: A list of namespaces. items: format: string type: string type: array services: description: A list of services. items: format: string type: string type: array type: object inclusion: description: A list of services or namespaces that should be enforced by Istio RBAC policies. properties: namespaces: description: A list of namespaces. items: format: string type: string type: array services: description: A list of services. items: format: string type: string type: array type: object mode: description: Istio RBAC mode. enum: - "OFF" - "ON" - ON_WITH_INCLUSION - ON_WITH_EXCLUSION type: string type: object type: object versions: - name: v1alpha1 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: mixer chart: istio heritage: Tiller istio: rbac package: istio.io.mixer release: istio name: rbacconfigs.rbac.istio.io spec: group: rbac.istio.io names: categories: - istio-io - rbac-istio-io kind: RbacConfig listKind: RbacConfigList plural: rbacconfigs singular: rbacconfig scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' properties: enforcementMode: enum: - ENFORCED - PERMISSIVE type: string exclusion: description: A list of services or namespaces that should not be enforced by Istio RBAC policies. properties: namespaces: description: A list of namespaces. items: format: string type: string type: array services: description: A list of services. items: format: string type: string type: array type: object inclusion: description: A list of services or namespaces that should be enforced by Istio RBAC policies. properties: namespaces: description: A list of namespaces. items: format: string type: string type: array services: description: A list of services. items: format: string type: string type: array type: object mode: description: Istio RBAC mode. enum: - "OFF" - "ON" - ON_WITH_INCLUSION - ON_WITH_EXCLUSION type: string type: object type: object versions: - name: v1alpha1 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: mixer chart: istio heritage: Tiller istio: rbac package: istio.io.mixer release: istio name: serviceroles.rbac.istio.io spec: group: rbac.istio.io names: categories: - istio-io - rbac-istio-io kind: ServiceRole listKind: ServiceRoleList plural: serviceroles singular: servicerole scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' properties: rules: description: The set of access rules (permissions) that the role has. items: properties: constraints: description: Optional. items: properties: key: description: Key of the constraint. format: string type: string values: description: List of valid values for the constraint. items: format: string type: string type: array type: object type: array hosts: items: format: string type: string type: array methods: description: Optional. items: format: string type: string type: array notHosts: items: format: string type: string type: array notMethods: items: format: string type: string type: array notPaths: items: format: string type: string type: array notPorts: items: format: int32 type: integer type: array paths: description: Optional. items: format: string type: string type: array ports: items: format: int32 type: integer type: array services: description: A list of service names. items: format: string type: string type: array type: object type: array type: object type: object versions: - name: v1alpha1 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: mixer chart: istio heritage: Tiller istio: rbac package: istio.io.mixer release: istio name: servicerolebindings.rbac.istio.io spec: additionalPrinterColumns: - JSONPath: .spec.roleRef.name description: The name of the ServiceRole object being referenced name: Reference type: string - JSONPath: .metadata.creationTimestamp description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' name: Age type: date group: rbac.istio.io names: categories: - istio-io - rbac-istio-io kind: ServiceRoleBinding listKind: ServiceRoleBindingList plural: servicerolebindings singular: servicerolebinding scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Configuration for Role Based Access Control. See more details at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' properties: actions: items: properties: constraints: description: Optional. items: properties: key: description: Key of the constraint. format: string type: string values: description: List of valid values for the constraint. items: format: string type: string type: array type: object type: array hosts: items: format: string type: string type: array methods: description: Optional. items: format: string type: string type: array notHosts: items: format: string type: string type: array notMethods: items: format: string type: string type: array notPaths: items: format: string type: string type: array notPorts: items: format: int32 type: integer type: array paths: description: Optional. items: format: string type: string type: array ports: items: format: int32 type: integer type: array services: description: A list of service names. items: format: string type: string type: array type: object type: array mode: enum: - ENFORCED - PERMISSIVE type: string role: format: string type: string roleRef: description: Reference to the ServiceRole object. properties: kind: description: The type of the role being referenced. format: string type: string name: description: The name of the ServiceRole object being referenced. format: string type: string type: object subjects: description: List of subjects that are assigned the ServiceRole object. items: properties: group: format: string type: string groups: items: format: string type: string type: array ips: items: format: string type: string type: array names: items: format: string type: string type: array namespaces: items: format: string type: string type: array notGroups: items: format: string type: string type: array notIps: items: format: string type: string type: array notNames: items: format: string type: string type: array notNamespaces: items: format: string type: string type: array properties: additionalProperties: format: string type: string description: Optional. type: object user: description: Optional. format: string type: string type: object type: array type: object type: object versions: - name: v1alpha1 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio heritage: Tiller istio: security release: istio name: authorizationpolicies.security.istio.io spec: group: security.istio.io names: categories: - istio-io - security-istio-io kind: AuthorizationPolicy listKind: AuthorizationPolicyList plural: authorizationpolicies singular: authorizationpolicy scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: 'Configuration for access control on workloads. See more details at: https://istio.io/docs/reference/config/security/authorization-policy.html' properties: action: description: Optional. enum: - ALLOW - DENY type: string rules: description: Optional. items: properties: from: description: Optional. items: properties: source: description: Source specifies the source of a request. properties: ipBlocks: description: Optional. items: format: string type: string type: array namespaces: description: Optional. items: format: string type: string type: array notIpBlocks: description: Optional. items: format: string type: string type: array notNamespaces: description: Optional. items: format: string type: string type: array notPrincipals: description: Optional. items: format: string type: string type: array notRequestPrincipals: description: Optional. items: format: string type: string type: array principals: description: Optional. items: format: string type: string type: array requestPrincipals: description: Optional. items: format: string type: string type: array type: object type: object type: array to: description: Optional. items: properties: operation: description: Operation specifies the operation of a request. properties: hosts: description: Optional. items: format: string type: string type: array methods: description: Optional. items: format: string type: string type: array notHosts: description: Optional. items: format: string type: string type: array notMethods: description: Optional. items: format: string type: string type: array notPaths: description: Optional. items: format: string type: string type: array notPorts: description: Optional. items: format: string type: string type: array paths: description: Optional. items: format: string type: string type: array ports: description: Optional. items: format: string type: string type: array type: object type: object type: array when: description: Optional. items: properties: key: description: The name of an Istio attribute. format: string type: string notValues: description: Optional. items: format: string type: string type: array values: description: Optional. items: format: string type: string type: array type: object type: array type: object type: array selector: description: Optional. properties: matchLabels: additionalProperties: format: string type: string type: object type: object type: object type: object versions: - name: v1beta1 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio heritage: Tiller istio: security release: istio name: peerauthentications.security.istio.io spec: group: security.istio.io names: categories: - istio-io - security-istio-io kind: PeerAuthentication listKind: PeerAuthenticationList plural: peerauthentications singular: peerauthentication scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar. properties: mtls: description: Mutual TLS settings for workload. properties: mode: description: Defines the mTLS mode used for peer authentication. enum: - UNSET - DISABLE - PERMISSIVE - STRICT type: string type: object portLevelMtls: additionalProperties: properties: mode: description: Defines the mTLS mode used for peer authentication. enum: - UNSET - DISABLE - PERMISSIVE - STRICT type: string type: object description: Port specific mutual TLS settings. type: object selector: description: The selector determines the workloads to apply the ChannelAuthentication on. properties: matchLabels: additionalProperties: format: string type: string type: object type: object type: object type: object versions: - name: v1beta1 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio heritage: Tiller istio: security release: istio name: requestauthentications.security.istio.io spec: group: security.istio.io names: categories: - istio-io - security-istio-io kind: RequestAuthentication listKind: RequestAuthenticationList plural: requestauthentications singular: requestauthentication scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: spec: description: RequestAuthentication defines what request authentication methods are supported by a workload. properties: jwtRules: description: Define the list of JWTs that can be validated at the selected workloads' proxy. items: properties: audiences: items: format: string type: string type: array forwardOriginalToken: description: If set to true, the orginal token will be kept for the ustream request. type: boolean fromHeaders: description: List of header locations from which JWT is expected. items: properties: name: description: The HTTP header name. format: string type: string prefix: description: The prefix that should be stripped before decoding the token. format: string type: string type: object type: array fromParams: description: List of query parameters from which JWT is expected. items: format: string type: string type: array issuer: description: Identifies the issuer that issued the JWT. format: string type: string jwks: description: JSON Web Key Set of public keys to validate signature of the JWT. format: string type: string jwks_uri: format: string type: string jwksUri: format: string type: string outputPayloadToHeader: format: string type: string type: object type: array selector: description: The selector determines the workloads to apply the RequestAuthentication on. properties: matchLabels: additionalProperties: format: string type: string type: object type: object type: object type: object versions: - name: v1beta1 served: true storage: true --- kind: CustomResourceDefinition apiVersion: apiextensions.k8s.io/v1beta1 metadata: name: adapters.config.istio.io labels: app: mixer package: adapter istio: mixer-adapter chart: istio heritage: Tiller release: istio annotations: "helm.sh/resource-policy": keep spec: group: config.istio.io names: kind: adapter plural: adapters singular: adapter categories: - istio-io - policy-istio-io scope: Namespaced subresources: status: {} versions: - name: v1alpha2 served: true storage: true --- kind: CustomResourceDefinition apiVersion: apiextensions.k8s.io/v1beta1 metadata: name: templates.config.istio.io labels: app: mixer package: template istio: mixer-template chart: istio heritage: Tiller release: istio annotations: "helm.sh/resource-policy": keep spec: group: config.istio.io names: kind: template plural: templates singular: template categories: - istio-io - policy-istio-io scope: Namespaced subresources: status: {} versions: - name: v1alpha2 served: true storage: true --- apiVersion: v1 kind: Namespace metadata: name: istio-system labels: istio-operator-managed: Reconcile istio-injection: disabled --- apiVersion: v1 kind: ServiceAccount metadata: name: istio-reader-service-account namespace: istio-system labels: app: istio-reader release: istio --- # Citadel component is disabled. # Cni component is disabled. # Resources for EgressGateways component apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: labels: app: istio-egressgateway istio: egressgateway release: istio name: istio-egressgateway namespace: istio-system spec: maxReplicas: 5 metrics: - resource: name: cpu targetAverageUtilization: 80 type: Resource minReplicas: 1 scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: istio-egressgateway --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: istio-egressgateway istio: egressgateway release: istio name: istio-egressgateway namespace: istio-system spec: selector: matchLabels: app: istio-egressgateway istio: egressgateway strategy: rollingUpdate: maxSurge: 100% maxUnavailable: 25% template: metadata: annotations: sidecar.istio.io/inject: "false" labels: app: istio-egressgateway chart: gateways heritage: Tiller istio: egressgateway release: istio service.istio.io/canonical-name: istio-egressgateway service.istio.io/canonical-revision: "1.5" spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - ppc64le weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - s390x weight: 2 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 - ppc64le - s390x containers: - args: - proxy - router - --domain - $(POD_NAMESPACE).svc.cluster.local - --proxyLogLevel=warning - --proxyComponentLogLevel=misc:error - --log_output_level=default:info - --drainDuration - 45s - --parentShutdownDuration - 1m0s - --connectTimeout - 10s - --serviceCluster - istio-egressgateway - --zipkinAddress - zipkin.istio-system:9411 - --proxyAdminPort - "15000" - --statusPort - "15020" - --controlPlaneAuthPolicy - NONE - --discoveryAddress - istio-pilot.istio-system.svc:15012 - --trust-domain=cluster.local env: - name: JWT_POLICY value: third-party-jwt - name: PILOT_CERT_PROVIDER value: istiod - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: HOST_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: fieldPath: spec.serviceAccountName - name: ISTIO_META_WORKLOAD_NAME value: istio-egressgateway - name: ISTIO_META_OWNER value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/istio-egressgateway - name: ISTIO_META_MESH_ID value: cluster.local - name: ISTIO_AUTO_MTLS_ENABLED value: "true" - name: ISTIO_META_POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: ISTIO_META_CONFIG_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: ISTIO_META_ROUTER_MODE value: sni-dnat - name: ISTIO_META_CLUSTER_ID value: Kubernetes image: docker.io/istio/proxyv2:1.5.1 imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 80 - containerPort: 443 - containerPort: 15443 - containerPort: 15090 name: http-envoy-prom protocol: TCP readinessProbe: failureThreshold: 30 httpGet: path: /healthz/ready port: 15020 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 2 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi volumeMounts: - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/run/secrets/tokens name: istio-token readOnly: true - mountPath: /etc/istio/pod name: podinfo - mountPath: /etc/istio/egressgateway-certs name: egressgateway-certs readOnly: true - mountPath: /etc/istio/egressgateway-ca-certs name: egressgateway-ca-certs readOnly: true serviceAccountName: istio-egressgateway-service-account volumes: - configMap: name: istio-ca-root-cert name: istiod-ca-cert - downwardAPI: items: - fieldRef: fieldPath: metadata.labels path: labels - fieldRef: fieldPath: metadata.annotations path: annotations name: podinfo - name: istio-token projected: sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - name: egressgateway-certs secret: optional: true secretName: istio-egressgateway-certs - name: egressgateway-ca-certs secret: optional: true secretName: istio-egressgateway-ca-certs --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: istio-egressgateway namespace: istio-system labels: app: istio-egressgateway istio: egressgateway release: istio spec: minAvailable: 1 selector: matchLabels: app: istio-egressgateway istio: egressgateway release: istio --- apiVersion: v1 kind: Service metadata: annotations: null labels: app: istio-egressgateway istio: egressgateway release: istio name: istio-egressgateway namespace: istio-system spec: ports: - name: http2 port: 80 - name: https port: 443 - name: tls port: 15443 targetPort: 15443 selector: app: istio-egressgateway istio: egressgateway type: ClusterIP --- apiVersion: v1 kind: ServiceAccount metadata: name: istio-egressgateway-service-account namespace: istio-system labels: app: istio-egressgateway istio: egressgateway release: istio --- # Galley component is disabled. # Resources for IngressGateways component apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: labels: app: istio-ingressgateway istio: ingressgateway release: istio name: istio-ingressgateway namespace: istio-system spec: maxReplicas: 5 metrics: - resource: name: cpu targetAverageUtilization: 80 type: Resource minReplicas: 1 scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: istio-ingressgateway --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: istio-ingressgateway istio: ingressgateway release: istio name: istio-ingressgateway namespace: istio-system spec: selector: matchLabels: app: istio-ingressgateway istio: ingressgateway strategy: rollingUpdate: maxSurge: 100% maxUnavailable: 25% template: metadata: annotations: sidecar.istio.io/inject: "false" labels: app: istio-ingressgateway chart: gateways heritage: Tiller istio: ingressgateway release: istio service.istio.io/canonical-name: istio-ingressgateway service.istio.io/canonical-revision: "1.5" spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - ppc64le weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - s390x weight: 2 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 - ppc64le - s390x containers: - args: - proxy - router - --domain - $(POD_NAMESPACE).svc.cluster.local - --proxyLogLevel=warning - --proxyComponentLogLevel=misc:error - --log_output_level=default:info - --drainDuration - 45s - --parentShutdownDuration - 1m0s - --connectTimeout - 10s - --serviceCluster - istio-ingressgateway - --zipkinAddress - zipkin.istio-system:9411 - --proxyAdminPort - "15000" - --statusPort - "15020" - --controlPlaneAuthPolicy - NONE - --discoveryAddress - istio-pilot.istio-system.svc:15012 - --trust-domain=cluster.local env: - name: JWT_POLICY value: third-party-jwt - name: PILOT_CERT_PROVIDER value: istiod - name: ISTIO_META_USER_SDS value: "true" - name: CA_ADDR value: istio-pilot.istio-system.svc:15012 - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: HOST_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: fieldPath: spec.serviceAccountName - name: ISTIO_META_WORKLOAD_NAME value: istio-ingressgateway - name: ISTIO_META_OWNER value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway - name: ISTIO_META_MESH_ID value: cluster.local - name: ISTIO_AUTO_MTLS_ENABLED value: "true" - name: ISTIO_META_POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: ISTIO_META_CONFIG_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: ISTIO_META_ROUTER_MODE value: sni-dnat - name: ISTIO_META_CLUSTER_ID value: Kubernetes image: docker.io/istio/proxyv2:1.5.1 imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 15020 - containerPort: 80 - containerPort: 443 - containerPort: 15029 - containerPort: 15030 - containerPort: 15031 - containerPort: 15032 - containerPort: 15443 - containerPort: 31400 - containerPort: 15011 - containerPort: 15012 - containerPort: 8060 - containerPort: 853 - containerPort: 15090 name: http-envoy-prom protocol: TCP readinessProbe: failureThreshold: 30 httpGet: path: /healthz/ready port: 15020 scheme: HTTP initialDelaySeconds: 1 periodSeconds: 2 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi volumeMounts: - mountPath: /var/run/secrets/istio name: istiod-ca-cert - mountPath: /var/run/secrets/tokens name: istio-token readOnly: true - mountPath: /var/run/ingress_gateway name: ingressgatewaysdsudspath - mountPath: /etc/istio/pod name: podinfo - mountPath: /etc/istio/ingressgateway-certs name: ingressgateway-certs readOnly: true - mountPath: /etc/istio/ingressgateway-ca-certs name: ingressgateway-ca-certs readOnly: true serviceAccountName: istio-ingressgateway-service-account volumes: - configMap: name: istio-ca-root-cert name: istiod-ca-cert - downwardAPI: items: - fieldRef: fieldPath: metadata.labels path: labels - fieldRef: fieldPath: metadata.annotations path: annotations name: podinfo - emptyDir: {} name: ingressgatewaysdsudspath - name: istio-token projected: sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - name: ingressgateway-certs secret: optional: true secretName: istio-ingressgateway-certs - name: ingressgateway-ca-certs secret: optional: true secretName: istio-ingressgateway-ca-certs --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: ingressgateway namespace: istio-system labels: release: istio spec: selector: istio: ingressgateway servers: - port: number: 80 name: http protocol: HTTP hosts: - "*" # Additional ports in gateaway for the ingressPorts - apps using dedicated port instead of hostname --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: ingressgateway namespace: istio-system labels: app: istio-ingressgateway istio: ingressgateway release: istio spec: minAvailable: 1 selector: matchLabels: app: istio-ingressgateway istio: ingressgateway release: istio --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: istio-ingressgateway-sds namespace: istio-system labels: release: istio rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: istio-ingressgateway-sds namespace: istio-system labels: release: istio roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: istio-ingressgateway-sds subjects: - kind: ServiceAccount name: istio-ingressgateway-service-account --- apiVersion: v1 kind: Service metadata: annotations: null labels: app: istio-ingressgateway istio: ingressgateway release: istio name: istio-ingressgateway namespace: istio-system spec: ports: - name: status-port port: 15020 targetPort: 15020 - name: http2 port: 80 targetPort: 80 - name: https port: 443 - name: kiali port: 15029 targetPort: 15029 - name: prometheus port: 15030 targetPort: 15030 - name: grafana port: 15031 targetPort: 15031 - name: tracing port: 15032 targetPort: 15032 - name: tls port: 15443 targetPort: 15443 - name: tcp port: 31400 selector: app: istio-ingressgateway istio: ingressgateway type: LoadBalancer --- apiVersion: v1 kind: ServiceAccount metadata: name: istio-ingressgateway-service-account namespace: istio-system labels: app: istio-ingressgateway istio: ingressgateway release: istio --- apiVersion: networking.istio.io/v1alpha3 kind: Sidecar metadata: name: default namespace: istio-system labels: release: istio spec: egress: - hosts: - "*/*" --- # NodeAgent component is disabled. # Resources for Pilot component apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: name: istiod namespace: istio-system labels: app: istiod release: istio spec: maxReplicas: 5 minReplicas: 1 scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: istiod metrics: - type: Resource resource: name: cpu targetAverageUtilization: 80 --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: istio-galley-istio-system labels: release: istio rules: # For reading Istio resources - apiGroups: [ "authentication.istio.io", "config.istio.io", "networking.istio.io", "rbac.istio.io", "security.istio.io"] resources: ["*"] verbs: ["get", "list", "watch"] # For updating Istio resource statuses - apiGroups: [ "authentication.istio.io", "config.istio.io", "networking.istio.io", "rbac.istio.io", "security.istio.io"] resources: ["*/status"] verbs: ["update"] # Remove galley's permissions to reconcile the validation config when istiod is present. # Notably missing here is the permission to modify webhooks. - apiGroups: ["extensions","apps"] resources: ["deployments"] resourceNames: ["istio-galley"] verbs: ["get"] - apiGroups: [""] resources: ["pods", "nodes", "services", "endpoints", "namespaces"] verbs: ["get", "list", "watch"] - apiGroups: ["extensions"] resources: ["ingresses"] verbs: ["get", "list", "watch"] - apiGroups: ["extensions"] resources: ["deployments/finalizers"] resourceNames: ["istio-galley"] verbs: ["update"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "list", "watch"] - apiGroups: ["rbac.authorization.k8s.io"] resources: ["clusterroles"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: istio-pilot-istio-system labels: app: pilot release: istio rules: - apiGroups: ["config.istio.io", "rbac.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"] verbs: ["get", "watch", "list"] resources: ["*"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "watch", "list"] - apiGroups: ["extensions"] resources: ["ingresses"] verbs: ["get", "list", "watch"] - apiGroups: ["extensions"] resources: ["ingresses/status"] verbs: ["*"] # TODO: remove, too broad permission, should be namespace only - apiGroups: [""] resources: ["configmaps"] # Create and update needed for ingress election verbs: ["get", "list", "watch", "create", "update"] - apiGroups: [""] resources: ["endpoints", "pods", "services", "namespaces", "nodes", "secrets"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["secrets"] verbs: ["create", "get", "watch", "list", "update", "delete"] - apiGroups: ["certificates.k8s.io"] resources: - "certificatesigningrequests" - "certificatesigningrequests/approval" - "certificatesigningrequests/status" verbs: ["update", "create", "get", "delete", "watch"] - apiGroups: ["discovery.k8s.io"] resources: ["endpointslices"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: istiod-istio-system labels: app: istiod release: istio rules: # Remove permissions to reconcile webhook configuration. This address the downgrade case # where istiod will be uninstalled. Removing the permissions reduces # the likelihood that istiod will reconcile something it shouldn't. # sidecar injection controller - apiGroups: ["admissionregistration.k8s.io"] resources: ["mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "patch"] # configuration validation webhook controller - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] # permissions to verify the webhook is ready and rejecting # invalid config. We use --server-dry-run so no config is persisted. - apiGroups: ["networking.istio.io"] verbs: ["create"] resources: ["gateways"] # istio configuration - apiGroups: ["config.istio.io", "rbac.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"] verbs: ["get", "watch", "list"] resources: ["*"] # auto-detect installed CRD definitions - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "list", "watch"] # discovery and routing - apiGroups: ["extensions","apps"] resources: ["deployments"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["pods", "nodes", "services", "namespaces", "endpoints"] verbs: ["get", "list", "watch"] - apiGroups: ["discovery.k8s.io"] resources: ["endpointslices"] verbs: ["get", "list", "watch"] # ingress controller - apiGroups: ["extensions"] resources: ["ingresses"] verbs: ["get", "list", "watch"] - apiGroups: ["extensions"] resources: ["ingresses/status"] verbs: ["*"] # required for CA's namespace controller - apiGroups: [""] resources: ["configmaps"] verbs: ["create", "get", "list", "watch", "update"] # Istiod and bootstrap. - apiGroups: ["certificates.k8s.io"] resources: - "certificatesigningrequests" - "certificatesigningrequests/approval" - "certificatesigningrequests/status" verbs: ["update", "create", "get", "delete", "watch"] # Used by Istiod to verify the JWT tokens - apiGroups: ["authentication.k8s.io"] resources: ["tokenreviews"] verbs: ["create"] # TODO: remove, no longer needed at cluster - apiGroups: [""] resources: ["secrets"] verbs: ["create", "get", "watch", "list", "update", "delete"] - apiGroups: [""] resources: ["serviceaccounts"] verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: istio-pilot-istio-system labels: app: pilot release: istio roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: istio-pilot-istio-system subjects: - kind: ServiceAccount name: istiod-service-account namespace: istio-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: istiod-istio-system labels: app: istiod release: istio roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: istiod-istio-system subjects: - kind: ServiceAccount name: istiod-service-account namespace: istio-system --- apiVersion: v1 kind: ConfigMap metadata: namespace: istio-system name: pilot-envoy-config labels: release: istio data: envoy.yaml.tmpl: |- admin: access_log_path: /dev/null address: socket_address: address: 127.0.0.1 port_value: 15000 static_resources: clusters: - name: in.15010 http2_protocol_options: {} connect_timeout: 1.000s hosts: - socket_address: address: 127.0.0.1 port_value: 15010 circuit_breakers: thresholds: - max_connections: 100000 max_pending_requests: 100000 max_requests: 100000 max_retries: 3 # TODO: telemetry using EDS # TODO: other pilots using EDS, load balancing # TODO: galley using EDS - name: out.galley.15019 http2_protocol_options: {} connect_timeout: 1.000s type: STRICT_DNS circuit_breakers: thresholds: - max_connections: 100000 max_pending_requests: 100000 max_requests: 100000 max_retries: 3 tls_context: common_tls_context: tls_certificates: - certificate_chain: filename: /etc/certs/cert-chain.pem private_key: filename: /etc/certs/key.pem validation_context: trusted_ca: filename: /etc/certs/root-cert.pem verify_subject_alt_name: - spiffe://cluster.local/ns/istio-system/sa/istio-galley-service-account hosts: - socket_address: address: istio-galley.istio-system port_value: 15019 listeners: - name: "in.15011" address: socket_address: address: 0.0.0.0 port_value: 15011 filter_chains: - filters: - name: envoy.http_connection_manager #typed_config #"@type": "type.googleapis.com/", config: codec_type: HTTP2 stat_prefix: "15011" stream_idle_timeout: 0s http2_protocol_options: max_concurrent_streams: 1073741824 access_log: - name: envoy.file_access_log config: path: /dev/stdout http_filters: - name: envoy.router route_config: name: "15011" virtual_hosts: - name: istio-pilot domains: - '*' routes: - match: prefix: / route: cluster: in.15010 timeout: 0.000s decorator: operation: xDS tls_context: require_client_certificate: true common_tls_context: validation_context: trusted_ca: filename: /etc/certs/root-cert.pem alpn_protocols: - h2 tls_certificates: - certificate_chain: filename: /etc/certs/cert-chain.pem private_key: filename: /etc/certs/key.pem # Manual 'whitebox' mode - name: "local.15019" address: socket_address: address: 127.0.0.1 port_value: 15019 filter_chains: - filters: - name: envoy.http_connection_manager config: codec_type: HTTP2 stat_prefix: "15019" stream_idle_timeout: 0s http2_protocol_options: max_concurrent_streams: 1073741824 access_log: - name: envoy.file_access_log config: path: /dev/stdout http_filters: - name: envoy.router route_config: name: "15019" virtual_hosts: - name: istio-galley domains: - '*' routes: - match: prefix: / route: cluster: out.galley.15019 timeout: 0.000s --- apiVersion: v1 kind: ConfigMap metadata: name: istio namespace: istio-system labels: release: istio data: # Configuration file for the mesh networks to be used by the Split Horizon EDS. meshNetworks: |- networks: {} values.yaml: |- appNamespaces: [] autoscaleEnabled: true autoscaleMax: 5 autoscaleMin: 1 configMap: true configNamespace: istio-config configSource: subscribedResources: [] cpu: targetAverageUtilization: 80 deploymentLabels: {} enableProtocolSniffingForInbound: true enableProtocolSniffingForOutbound: true enabled: true env: PILOT_HTTP10: 1 hub: "" image: pilot ingress: ingressClass: istio ingressControllerMode: STRICT ingressService: istio-ingressgateway jwksResolverExtraRootCA: "" keepaliveMaxServerConnectionAge: 30m meshNetworks: networks: {} namespace: istio-system nodeSelector: {} plugins: [] podAnnotations: {} podAntiAffinityLabelSelector: [] podAntiAffinityTermLabelSelector: [] policy: enabled: false replicaCount: 1 resources: requests: cpu: 500m memory: 2048Mi rollingMaxSurge: 100% rollingMaxUnavailable: 25% tag: "" tolerations: [] traceSampling: 1 mesh: |- # Set enableTracing to false to disable request tracing. enableTracing: true # Set accessLogFile to empty string to disable access log. accessLogFile: "" accessLogFormat: "" accessLogEncoding: 'TEXT' enableEnvoyAccessLogService: false # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server reportBatchMaxEntries: 100 # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server reportBatchMaxTime: 1s disableMixerHttpReports: true # Set the following variable to true to disable policy checks by the Mixer. # Note that metrics will still be reported to the Mixer. disablePolicyChecks: true # Automatic protocol detection uses a set of heuristics to # determine whether the connection is using TLS or not (on the # server side), as well as the application protocol being used # (e.g., http vs tcp). These heuristics rely on the client sending # the first bits of data. For server first protocols like MySQL, # MongoDB, etc., Envoy will timeout on the protocol detection after # the specified period, defaulting to non mTLS plain TCP # traffic. Set this field to tweak the period that Envoy will wait # for the client to send the first bits of data. (MUST BE >=1ms) protocolDetectionTimeout: 100ms # This is the k8s ingress service name, update if you used a different name ingressService: "istio-ingressgateway" ingressControllerMode: "STRICT" ingressClass: "istio" # The trust domain corresponds to the trust root of a system. # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain trustDomain: "cluster.local" # The trust domain aliases represent the aliases of trust_domain. # For example, if we have # trustDomain: td1 # trustDomainAliases: [“td2”, "td3"] # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. trustDomainAliases: # Used by pilot-agent sdsUdsPath: "unix:/etc/istio/proxy/SDS" # If true, automatically configure client side mTLS settings to match the corresponding service's # server side mTLS authentication policy, when destination rule for that service does not specify # TLS settings. enableAutoMtls: true outboundTrafficPolicy: mode: ALLOW_ANY localityLbSetting: enabled: true # Configures DNS certificates provisioned through Chiron linked into Pilot. # The DNS certificate provisioning is enabled by default now so it get tested. # TODO (lei-tang): we'll decide whether enable it by default or not before Istio 1.4 Release. certificates: [] defaultConfig: # # TCP connection timeout between Envoy & the application, and between Envoys. connectTimeout: 10s # ### ADVANCED SETTINGS ############# # Where should envoy's configuration be stored in the istio-proxy container configPath: "/etc/istio/proxy" # The pseudo service name used for Envoy. serviceCluster: istio-proxy # These settings that determine how long an old Envoy # process should be kept alive after an occasional reload. drainDuration: 45s parentShutdownDuration: 1m0s # # Port where Envoy listens (on local host) for admin commands # You can exec into the istio-proxy container in a pod and # curl the admin port (curl http://localhost:15000/) to obtain # diagnostic information from Envoy. See # https://lyft.github.io/envoy/docs/operations/admin.html # for more details proxyAdminPort: 15000 # # Set concurrency to a specific number to control the number of Proxy worker threads. # If set to 0 (default), then start worker thread for each CPU thread/core. concurrency: 2 # tracing: zipkin: # Address of the Zipkin collector address: zipkin.istio-system:9411 # If port is 15012, will use SDS. # controlPlaneAuthPolicy is for mounted secrets, will wait for the files. controlPlaneAuthPolicy: NONE discoveryAddress: istiod.istio-system.svc:15012 --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: istiod istio: pilot release: istio name: istiod namespace: istio-system spec: selector: matchLabels: istio: pilot strategy: rollingUpdate: maxSurge: 100% maxUnavailable: 25% template: metadata: annotations: sidecar.istio.io/inject: "false" labels: app: istiod istio: pilot spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - ppc64le weight: 2 - preference: matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - s390x weight: 2 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: beta.kubernetes.io/arch operator: In values: - amd64 - ppc64le - s390x containers: - args: - discovery - --monitoringAddr=:15014 - --log_output_level=default:info - --domain - cluster.local - --secureGrpcAddr=:15011 - --trust-domain=cluster.local - --keepaliveMaxServerConnectionAge - 30m - --disable-install-crds=true env: - name: JWT_POLICY value: third-party-jwt - name: PILOT_CERT_PROVIDER value: istiod - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: PILOT_HTTP10 value: "1" - name: PILOT_TRACE_SAMPLING value: "1" - name: CONFIG_NAMESPACE value: istio-config - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND value: "true" - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND value: "true" - name: INJECTION_WEBHOOK_CONFIG_NAME value: istio-sidecar-injector - name: ISTIOD_ADDR value: istiod.istio-system.svc:15012 - name: PILOT_EXTERNAL_GALLEY value: "false" - name: CLUSTER_ID value: Kubernetes envFrom: - configMapRef: name: istiod optional: true image: docker.io/istio/pilot:1.5.1 imagePullPolicy: IfNotPresent name: discovery ports: - containerPort: 8080 - containerPort: 15010 - containerPort: 15017 readinessProbe: httpGet: path: /ready port: 8080 initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 5 resources: requests: cpu: 500m memory: 2048Mi securityContext: capabilities: drop: - ALL runAsGroup: 1337 runAsNonRoot: true runAsUser: 1337 volumeMounts: - mountPath: /etc/istio/config name: config-volume - mountPath: /var/run/secrets/tokens name: istio-token readOnly: true - mountPath: /var/run/secrets/istio-dns name: local-certs - mountPath: /etc/cacerts name: cacerts readOnly: true - mountPath: /var/lib/istio/inject name: inject readOnly: true - mountPath: /var/lib/istio/local name: istiod readOnly: true securityContext: fsGroup: 1337 serviceAccountName: istiod-service-account volumes: - emptyDir: medium: Memory name: local-certs - name: istio-token projected: sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - configMap: name: istiod optional: true name: istiod - name: cacerts secret: optional: true secretName: cacerts - configMap: name: istio-sidecar-injector optional: true name: inject - configMap: name: istio name: config-volume - configMap: name: pilot-envoy-config name: pilot-envoy-config --- apiVersion: "authentication.istio.io/v1alpha1" kind: "MeshPolicy" metadata: name: "default" labels: release: istio spec: peers: - mtls: {} --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: "api-server" namespace: istio-system labels: release: istio spec: host: "kubernetes.default.svc.cluster.local" trafficPolicy: tls: mode: DISABLE --- apiVersion: v1 kind: ConfigMap metadata: name: istio-sidecar-injector namespace: istio-system labels: release: istio data: values: |- { "global": { "arch": { "amd64": 2, "ppc64le": 2, "s390x": 2 }, "certificates": [], "configNamespace": "istio-system", "configValidation": true, "controlPlaneSecurityEnabled": true, "defaultNodeSelector": {}, "defaultPodDisruptionBudget": { "enabled": true }, "defaultResources": { "requests": { "cpu": "10m" } }, "disablePolicyChecks": true, "enableHelmTest": false, "enableTracing": true, "enabled": true, "hub": "docker.io/istio", "imagePullPolicy": "IfNotPresent", "imagePullSecrets": [], "istioNamespace": "istio-system", "istiod": { "enabled": true }, "jwtPolicy": "third-party-jwt", "k8sIngress": { "enableHttps": false, "enabled": false, "gatewayName": "ingressgateway" }, "localityLbSetting": { "enabled": true }, "logAsJson": false, "logging": { "level": "default:info" }, "meshExpansion": { "enabled": false, "useILB": false }, "meshNetworks": {}, "mountMtlsCerts": false, "mtls": { "auto": true, "enabled": true }, "multiCluster": { "clusterName": "", "enabled": false }, "namespace": "istio-system", "network": "", "omitSidecarInjectorConfigMap": false, "oneNamespace": false, "operatorManageWebhooks": false, "outboundTrafficPolicy": { "mode": "ALLOW_ANY" }, "pilotCertProvider": "istiod", "policyCheckFailOpen": false, "policyNamespace": "istio-system", "priorityClassName": "", "prometheusNamespace": "istio-system", "proxy": { "accessLogEncoding": "TEXT", "accessLogFile": "", "accessLogFormat": "", "autoInject": "enabled", "clusterDomain": "cluster.local", "componentLogLevel": "misc:error", "concurrency": 2, "dnsRefreshRate": "300s", "enableCoreDump": false, "envoyAccessLogService": { "enabled": false }, "envoyMetricsService": { "enabled": false, "tcpKeepalive": { "interval": "10s", "probes": 3, "time": "10s" }, "tlsSettings": { "mode": "DISABLE", "subjectAltNames": [] } }, "envoyStatsd": { "enabled": false }, "excludeIPRanges": "", "excludeInboundPorts": "", "excludeOutboundPorts": "", "image": "proxyv2", "includeIPRanges": "*", "includeInboundPorts": "*", "kubevirtInterfaces": "", "logLevel": "warning", "privileged": false, "protocolDetectionTimeout": "100ms", "readinessFailureThreshold": 30, "readinessInitialDelaySeconds": 1, "readinessPeriodSeconds": 2, "resources": { "limits": { "cpu": "2000m", "memory": "1024Mi" }, "requests": { "cpu": "100m", "memory": "128Mi" } }, "statusPort": 15020, "tracer": "zipkin" }, "proxy_init": { "image": "proxyv2", "resources": { "limits": { "cpu": "100m", "memory": "50Mi" }, "requests": { "cpu": "10m", "memory": "10Mi" } } }, "sds": { "enabled": false, "token": { "aud": "istio-ca" }, "udsPath": "" }, "securityNamespace": "istio-system", "sts": { "servicePort": 0 }, "tag": "1.5.1", "telemetryNamespace": "istio-system", "tracer": { "datadog": { "address": "$(HOST_IP):8126" }, "lightstep": { "accessToken": "", "address": "", "cacertPath": "", "secure": true }, "stackdriver": { "debug": false, "maxNumberOfAnnotations": 200, "maxNumberOfAttributes": 200, "maxNumberOfMessageEvents": 200 }, "zipkin": { "address": "" } }, "trustDomain": "cluster.local", "useMCP": false }, "istio_cni": { "enabled": false }, "sidecarInjectorWebhook": { "alwaysInjectSelector": [], "enableNamespacesByDefault": false, "enabled": false, "image": "sidecar_injector", "injectLabel": "istio-injection", "injectedAnnotations": {}, "namespace": "istio-system", "neverInjectSelector": [], "objectSelector": { "autoInject": true, "enabled": false }, "rewriteAppHTTPProbe": false, "selfSigned": false } } # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching # and istiod webhook functionality. # # New fields should not use Values - it is a 'primary' config object, users should be able # to fine tune it or use it with kube-inject. config: |- policy: enabled alwaysInjectSelector: [] neverInjectSelector: [] injectedAnnotations: # Configmap optimized for Istiod. Please DO NOT MERGE all changes from istio - in particular those dependent on # Values.yaml, which should not be used by istiod. # Istiod only uses SDS based config ( files will mapped/handled by SDS). template: | rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} initContainers: {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} {{ if .Values.istio_cni.enabled -}} - name: istio-validation {{ else -}} - name: istio-init {{ end -}} {{- if contains "/" .Values.global.proxy_init.image }} image: "{{ .Values.global.proxy_init.image }}" {{- else }} image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" {{- end }} command: - istio-iptables - "-p" - 15001 - "-z" - "15006" - "-u" - 1337 - "-m" - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - "-i" - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - "-x" - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - "-b" - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - "-d" - "15090,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - "-o" - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" {{ end -}} {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - "-k" - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" {{ end -}} {{ if .Values.istio_cni.enabled -}} - "--run-validation" - "--skip-rule-apply" {{ end -}} imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" {{- if .Values.global.proxy_init.resources }} resources: {{ toYaml .Values.global.proxy_init.resources | indent 4 }} {{- else }} resources: {} {{- end }} securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} privileged: {{ .Values.global.proxy.privileged }} capabilities: {{- if not .Values.istio_cni.enabled }} add: - NET_ADMIN - NET_RAW {{- end }} drop: - ALL readOnlyRootFilesystem: false {{- if not .Values.istio_cni.enabled }} runAsGroup: 0 runAsNonRoot: false runAsUser: 0 {{- else }} runAsGroup: 1337 runAsUser: 1337 runAsNonRoot: true {{- end }} restartPolicy: Always {{ end -}} {{- if eq .Values.global.proxy.enableCoreDump true }} - name: enable-core-dump args: - -c - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited command: - /bin/sh {{- if contains "/" .Values.global.proxy_init.image }} image: "{{ .Values.global.proxy_init.image }}" {{- else }} image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" {{- end }} imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" resources: {} securityContext: allowPrivilegeEscalation: true capabilities: add: - SYS_ADMIN drop: - ALL privileged: true readOnlyRootFilesystem: false runAsGroup: 0 runAsNonRoot: false runAsUser: 0 {{ end }} containers: - name: istio-proxy {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" {{- else }} image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" {{- end }} ports: - containerPort: 15090 protocol: TCP name: http-envoy-prom args: - proxy - sidecar - --domain - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - --configPath - "/etc/istio/proxy" - --binaryPath - "/usr/local/bin/envoy" - --serviceCluster {{ if ne "" (index .ObjectMeta.Labels "app") -}} - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" {{ else -}} - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" {{ end -}} - --drainDuration - "{{ formatDuration .ProxyConfig.DrainDuration }}" - --parentShutdownDuration - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" - --discoveryAddress - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" {{- if eq .Values.global.proxy.tracer "lightstep" }} - --lightstepAddress - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" - --lightstepAccessToken - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} - --lightstepCacertPath - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" {{- else if eq .Values.global.proxy.tracer "zipkin" }} - --zipkinAddress - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" {{- else if eq .Values.global.proxy.tracer "datadog" }} - --datadogAgentAddress - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" {{- end }} - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel}} - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel}} - --connectTimeout - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" {{- if .Values.global.proxy.envoyStatsd.enabled }} - --statsdUdpAddress - "{{ .ProxyConfig.StatsdUdpAddress }}" {{- end }} {{- if .Values.global.proxy.envoyMetricsService.enabled }} - --envoyMetricsService - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' {{- end }} {{- if .Values.global.proxy.envoyAccessLogService.enabled }} - --envoyAccessLogService - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' {{- end }} - --proxyAdminPort - "{{ .ProxyConfig.ProxyAdminPort }}" {{ if gt .ProxyConfig.Concurrency 0 -}} - --concurrency - "{{ .ProxyConfig.Concurrency }}" {{ end -}} {{- if .Values.global.istiod.enabled }} - --controlPlaneAuthPolicy - NONE {{- else if .Values.global.controlPlaneSecurityEnabled }} - --controlPlaneAuthPolicy - MUTUAL_TLS {{- else }} - --controlPlaneAuthPolicy - NONE {{- end }} - --dnsRefreshRate - {{ valueOrDefault .Values.global.proxy.dnsRefreshRate "300s" }} {{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" .Values.global.proxy.statusPort) "0") }} - --statusPort - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" {{- end }} {{- if .Values.global.sts.servicePort }} - --stsPort={{ .Values.global.sts.servicePort }} {{- end }} {{- if .Values.global.trustDomain }} - --trust-domain={{ .Values.global.trustDomain }} {{- end }} {{- if .Values.global.logAsJson }} - --log_as_json {{- end }} - --controlPlaneBootstrap=false {{- if .Values.global.proxy.lifecycle }} lifecycle: {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} {{- end }} env: - name: JWT_POLICY value: {{ .Values.global.jwtPolicy }} - name: PILOT_CERT_PROVIDER value: {{ .Values.global.pilotCertProvider }} # Temp, pending PR to make it default or based on the istiodAddr env - name: CA_ADDR {{- if .Values.global.caAddress }} value: {{ .Values.global.caAddress }} {{- else if .Values.global.configNamespace }} value: istio-pilot.{{ .Values.global.configNamespace }}.svc:15012 {{- else }} value: istio-pilot.istio-system.svc:15012 {{- end }} - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: INSTANCE_IP valueFrom: fieldRef: fieldPath: status.podIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: fieldPath: spec.serviceAccountName - name: HOST_IP valueFrom: fieldRef: fieldPath: status.hostIP {{- if eq .Values.global.proxy.tracer "datadog" }} {{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - name: {{ $key }} value: "{{ $value }}" {{- end }} {{- end }} {{- end }} - name: ISTIO_META_POD_PORTS value: |- [ {{- $first := true }} {{- range $index1, $c := .Spec.Containers }} {{- range $index2, $p := $c.Ports }} {{- if (structToJSON $p) }} {{if not $first}},{{end}}{{ structToJSON $p }} {{- $first = false }} {{- end }} {{- end}} {{- end}} ] - name: ISTIO_META_CLUSTER_ID value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - name: ISTIO_META_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: ISTIO_META_CONFIG_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: ISTIO_META_INTERCEPTION_MODE value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" {{- if .Values.global.network }} - name: ISTIO_META_NETWORK value: "{{ .Values.global.network }}" {{- end }} {{ if .ObjectMeta.Annotations }} - name: ISTIO_METAJSON_ANNOTATIONS value: | {{ toJSON .ObjectMeta.Annotations }} {{ end }} {{- if .DeploymentMeta.Name }} - name: ISTIO_META_WORKLOAD_NAME value: {{ .DeploymentMeta.Name }} {{ end }} {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - name: ISTIO_META_OWNER value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} {{- end}} {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - name: ISTIO_BOOTSTRAP_OVERRIDE value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" {{- end }} {{- if .Values.global.meshID }} - name: ISTIO_META_MESH_ID value: "{{ .Values.global.meshID }}" {{- else if .Values.global.trustDomain }} - name: ISTIO_META_MESH_ID value: "{{ .Values.global.trustDomain }}" {{- end }} {{- if eq .Values.global.proxy.tracer "stackdriver" }} - name: STACKDRIVER_TRACING_ENABLED value: "true" - name: STACKDRIVER_TRACING_DEBUG value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations.Value }}" - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes.Value }}" - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents.Value }}" {{- end }} {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - name: {{ $key }} value: "{{ $value }}" {{- end }} {{- end }} {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - name: {{ $key }} value: "{{ $value }}" {{- end }} imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} readinessProbe: httpGet: path: /healthz/ready port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} {{ end -}} securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - NET_BIND_SERVICE {{- end }} {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} runAsNonRoot: true runAsUser: 1337 {{- end }} resources: {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} requests: {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" {{ end}} {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" {{ end }} {{ else -}} {{- if .Values.global.proxy.resources }} {{ toYaml .Values.global.proxy.resources | indent 4 }} {{- end }} {{ end -}} volumeMounts: {{- if eq .Values.global.pilotCertProvider "istiod" }} - mountPath: /var/run/secrets/istio name: istiod-ca-cert {{- end }} {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - mountPath: /etc/istio/custom-bootstrap name: custom-bootstrap-volume {{- end }} # SDS channel between istioagent and Envoy - mountPath: /etc/istio/proxy name: istio-envoy {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - mountPath: /var/run/secrets/tokens name: istio-token {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - mountPath: /etc/certs/ name: istio-certs readOnly: true {{- end }} - name: podinfo mountPath: /etc/istio/pod {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} name: lightstep-certs readOnly: true {{- end }} {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - name: "{{ $index }}" {{ toYaml $value | indent 4 }} {{ end }} {{- end }} volumes: {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - name: custom-bootstrap-volume configMap: name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} {{- end }} # SDS channel between istioagent and Envoy - emptyDir: medium: Memory name: istio-envoy - name: podinfo downwardAPI: items: - path: "labels" fieldRef: fieldPath: metadata.labels - path: "annotations" fieldRef: fieldPath: metadata.annotations {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - name: istio-token projected: sources: - serviceAccountToken: path: istio-token expirationSeconds: 43200 audience: {{ .Values.global.sds.token.aud }} {{- end }} {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: name: istio-ca-root-cert {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - name: istio-certs secret: optional: true {{ if eq .Spec.ServiceAccountName "" }} secretName: istio.default {{ else -}} secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} {{ end -}} {{- end }} {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - name: "{{ $index }}" {{ toYaml $value | indent 2 }} {{ end }} {{ end }} {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} - name: lightstep-certs secret: optional: true secretName: lightstep.cacert {{- end }} {{- if .Values.global.podDNSSearchNamespaces }} dnsConfig: searches: {{- range .Values.global.podDNSSearchNamespaces }} - {{ render . }} {{- end }} {{- end }} podRedirectAnnot: sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" {{- end }} traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingWebhookConfiguration metadata: name: istio-sidecar-injector labels: app: sidecar-injector release: istio webhooks: - name: sidecar-injector.istio.io clientConfig: service: name: istiod namespace: istio-system path: "/inject" caBundle: "" rules: - operations: [ "CREATE" ] apiGroups: [""] apiVersions: ["v1"] resources: ["pods"] failurePolicy: Fail namespaceSelector: matchLabels: istio-injection: enabled --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: istiod namespace: istio-system labels: app: istiod release: istio istio: pilot spec: minAvailable: 1 selector: matchLabels: app: istiod release: istio istio: pilot --- apiVersion: v1 kind: Service metadata: name: istio-pilot namespace: istio-system labels: app: pilot release: istio istio: pilot spec: ports: - port: 15010 name: grpc-xds # direct - port: 15011 name: https-xds # mTLS - port: 15012 name: https-dns # mTLS with k8s-signed cert - port: 8080 name: http-legacy-discovery # direct - port: 15014 name: http-monitoring - port: 443 name: https-webhook # validation and injection targetPort: 15017 selector: istio: pilot --- apiVersion: v1 kind: Service metadata: name: istiod namespace: istio-system labels: app: istiod release: istio spec: ports: - port: 15012 name: https-dns # mTLS with k8s-signed cert - port: 443 name: https-webhook # validation and injection targetPort: 15017 selector: app: istiod # Label used by the 'default' service. For versioned deployments we match with app and version. # This avoids default deployment picking the canary istio: pilot --- apiVersion: v1 kind: ServiceAccount metadata: name: istiod-service-account namespace: istio-system labels: app: istiod release: istio --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: metadata-exchange-1.4 namespace: istio-system spec: configPatches: - applyTo: HTTP_FILTER match: context: ANY # inbound, outbound, and gateway proxy: proxyVersion: '^1\.4.*' listener: filterChain: filter: name: "envoy.http_connection_manager" patch: operation: INSERT_BEFORE value: name: envoy.filters.http.wasm config: config: configuration: envoy.wasm.metadata_exchange vm_config: runtime: envoy.wasm.runtime.null code: inline_string: envoy.wasm.metadata_exchange --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: stats-filter-1.4 namespace: istio-system spec: configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_OUTBOUND proxy: proxyVersion: '^1\.4.*' listener: filterChain: filter: name: "envoy.http_connection_manager" subFilter: name: "envoy.router" patch: operation: INSERT_BEFORE value: name: envoy.filters.http.wasm config: config: root_id: stats_outbound configuration: | { "debug": "false", "stat_prefix": "istio", } vm_config: vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: inline_string: envoy.wasm.stats - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '^1\.4.*' listener: filterChain: filter: name: "envoy.http_connection_manager" subFilter: name: "envoy.router" patch: operation: INSERT_BEFORE value: name: envoy.filters.http.wasm config: config: root_id: stats_inbound configuration: | { "debug": "false", "stat_prefix": "istio", } vm_config: vm_id: stats_inbound runtime: envoy.wasm.runtime.null code: inline_string: envoy.wasm.stats - applyTo: HTTP_FILTER match: context: GATEWAY proxy: proxyVersion: '^1\.4.*' listener: filterChain: filter: name: "envoy.http_connection_manager" subFilter: name: "envoy.router" patch: operation: INSERT_BEFORE value: name: envoy.filters.http.wasm config: config: root_id: stats_outbound configuration: | { "debug": "false", "stat_prefix": "istio", } vm_config: vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: inline_string: envoy.wasm.stats --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: metadata-exchange-1.5 namespace: istio-system spec: configPatches: - applyTo: HTTP_FILTER match: context: ANY # inbound, outbound, and gateway proxy: proxyVersion: '^1\.5.*' listener: filterChain: filter: name: "envoy.http_connection_manager" patch: operation: INSERT_BEFORE value: name: envoy.filters.http.wasm typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.config.filter.http.wasm.v2.Wasm value: config: configuration: envoy.wasm.metadata_exchange vm_config: runtime: envoy.wasm.runtime.null code: local: inline_string: envoy.wasm.metadata_exchange --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: tcp-metadata-exchange-1.5 namespace: istio-system spec: configPatches: - applyTo: NETWORK_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '^1\.5.*' listener: {} patch: operation: INSERT_BEFORE value: name: envoy.filters.network.metadata_exchange config: protocol: istio-peer-exchange - applyTo: CLUSTER match: context: SIDECAR_OUTBOUND proxy: proxyVersion: '^1\.5.*' cluster: {} patch: operation: MERGE value: filters: - name: envoy.filters.network.upstream.metadata_exchange typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange value: protocol: istio-peer-exchange - applyTo: CLUSTER match: context: GATEWAY proxy: proxyVersion: '^1\.5.*' cluster: {} patch: operation: MERGE value: filters: - name: envoy.filters.network.upstream.metadata_exchange typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange value: protocol: istio-peer-exchange --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: stats-filter-1.5 namespace: istio-system spec: configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_OUTBOUND proxy: proxyVersion: '^1\.5.*' listener: filterChain: filter: name: "envoy.http_connection_manager" subFilter: name: "envoy.router" patch: operation: INSERT_BEFORE value: name: envoy.filters.http.wasm typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.config.filter.http.wasm.v2.Wasm value: config: root_id: stats_outbound configuration: | { "debug": "false", "stat_prefix": "istio", } vm_config: vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: local: inline_string: envoy.wasm.stats - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '^1\.5.*' listener: filterChain: filter: name: "envoy.http_connection_manager" subFilter: name: "envoy.router" patch: operation: INSERT_BEFORE value: name: envoy.filters.http.wasm typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.config.filter.http.wasm.v2.Wasm value: config: root_id: stats_inbound configuration: | { "debug": "false", "stat_prefix": "istio", } vm_config: vm_id: stats_inbound runtime: envoy.wasm.runtime.null code: local: inline_string: envoy.wasm.stats - applyTo: HTTP_FILTER match: context: GATEWAY proxy: proxyVersion: '^1\.5.*' listener: filterChain: filter: name: "envoy.http_connection_manager" subFilter: name: "envoy.router" patch: operation: INSERT_BEFORE value: name: envoy.filters.http.wasm typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.config.filter.http.wasm.v2.Wasm value: config: root_id: stats_outbound configuration: | { "debug": "false", "stat_prefix": "istio", } vm_config: vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: local: inline_string: envoy.wasm.stats --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: tcp-stats-filter-1.5 namespace: istio-system spec: configPatches: - applyTo: NETWORK_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '^1\.5.*' listener: filterChain: filter: name: "envoy.tcp_proxy" patch: operation: INSERT_BEFORE value: name: envoy.filters.network.wasm typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.config.filter.network.wasm.v2.Wasm value: config: root_id: stats_inbound configuration: | { "debug": "false", "stat_prefix": "istio", } vm_config: vm_id: stats_inbound runtime: envoy.wasm.runtime.null code: local: inline_string: "envoy.wasm.stats" - applyTo: NETWORK_FILTER match: context: SIDECAR_OUTBOUND proxy: proxyVersion: '^1\.5.*' listener: filterChain: filter: name: "envoy.tcp_proxy" patch: operation: INSERT_BEFORE value: name: envoy.filters.network.wasm typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.config.filter.network.wasm.v2.Wasm value: config: root_id: stats_outbound configuration: | { "debug": "false", "stat_prefix": "istio", } vm_config: vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: local: inline_string: "envoy.wasm.stats" - applyTo: NETWORK_FILTER match: context: GATEWAY proxy: proxyVersion: '^1\.5.*' listener: filterChain: filter: name: "envoy.tcp_proxy" patch: operation: INSERT_BEFORE value: name: envoy.filters.network.wasm typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.config.filter.network.wasm.v2.Wasm value: config: root_id: stats_outbound configuration: | { "debug": "false", "stat_prefix": "istio", } vm_config: vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: local: inline_string: "envoy.wasm.stats" --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: name: istiod-istio-system labels: app: istiod release: istio istio: istiod webhooks: - name: validation.istio.io clientConfig: service: name: istiod namespace: istio-system path: "/validate" caBundle: "" # patched at runtime when the webhook is ready. rules: - operations: - CREATE - UPDATE apiGroups: - config.istio.io - rbac.istio.io - security.istio.io - authentication.istio.io - networking.istio.io apiVersions: - "*" resources: - "*" # Fail open until the validation webhook is ready. The webhook controller # will update this to `Fail` and patch in the `caBundle` when the webhook # endpoint is ready. failurePolicy: Ignore sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: name: istio-galley labels: app: galley release: istio istio: galley webhooks: --- # Policy component is disabled. # SidecarInjector component is disabled. # Telemetry component is disabled.