{{- if or (.Values.policy.enabled) (.Values.telemetry.enabled) }} apiVersion: "config.istio.io/v1alpha2" kind: attributemanifest metadata: name: istioproxy namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: attributes: origin.ip: valueType: IP_ADDRESS origin.uid: valueType: STRING origin.user: valueType: STRING request.headers: valueType: STRING_MAP request.id: valueType: STRING request.host: valueType: STRING request.method: valueType: STRING request.path: valueType: STRING request.url_path: valueType: STRING request.query_params: valueType: STRING_MAP request.reason: valueType: STRING request.referer: valueType: STRING request.scheme: valueType: STRING request.total_size: valueType: INT64 request.size: valueType: INT64 request.time: valueType: TIMESTAMP request.useragent: valueType: STRING response.code: valueType: INT64 response.duration: valueType: DURATION response.headers: valueType: STRING_MAP response.total_size: valueType: INT64 response.size: valueType: INT64 response.time: valueType: TIMESTAMP response.grpc_status: valueType: STRING response.grpc_message: valueType: STRING source.uid: valueType: STRING source.user: # DEPRECATED valueType: STRING source.principal: valueType: STRING destination.uid: valueType: STRING destination.principal: valueType: STRING destination.port: valueType: INT64 connection.event: valueType: STRING connection.id: valueType: STRING connection.received.bytes: valueType: INT64 connection.received.bytes_total: valueType: INT64 connection.sent.bytes: valueType: INT64 connection.sent.bytes_total: valueType: INT64 connection.duration: valueType: DURATION connection.mtls: valueType: BOOL connection.requested_server_name: valueType: STRING context.protocol: valueType: STRING context.proxy_error_code: valueType: STRING context.timestamp: valueType: TIMESTAMP context.time: valueType: TIMESTAMP # Deprecated, kept for compatibility context.reporter.local: valueType: BOOL context.reporter.kind: valueType: STRING context.reporter.uid: valueType: STRING api.service: valueType: STRING api.version: valueType: STRING api.operation: valueType: STRING api.protocol: valueType: STRING request.auth.principal: valueType: STRING request.auth.audiences: valueType: STRING request.auth.presenter: valueType: STRING request.auth.claims: valueType: STRING_MAP request.auth.raw_claims: valueType: STRING request.api_key: valueType: STRING rbac.permissive.response_code: valueType: STRING rbac.permissive.effective_policy_id: valueType: STRING check.error_code: valueType: INT64 check.error_message: valueType: STRING check.cache_hit: valueType: BOOL quota.cache_hit: valueType: BOOL context.proxy_version: valueType: STRING --- apiVersion: "config.istio.io/v1alpha2" kind: attributemanifest metadata: name: kubernetes namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: attributes: source.ip: valueType: IP_ADDRESS source.labels: valueType: STRING_MAP source.metadata: valueType: STRING_MAP source.name: valueType: STRING source.namespace: valueType: STRING source.owner: valueType: STRING source.serviceAccount: valueType: STRING source.services: valueType: STRING source.workload.uid: valueType: STRING source.workload.name: valueType: STRING source.workload.namespace: valueType: STRING destination.ip: valueType: IP_ADDRESS destination.labels: valueType: STRING_MAP destination.metadata: valueType: STRING_MAP destination.owner: valueType: STRING destination.name: valueType: STRING destination.container.name: valueType: STRING destination.namespace: valueType: STRING destination.service.uid: valueType: STRING destination.service.name: valueType: STRING destination.service.namespace: valueType: STRING destination.service.host: valueType: STRING destination.serviceAccount: valueType: STRING destination.workload.uid: valueType: STRING destination.workload.name: valueType: STRING destination.workload.namespace: valueType: STRING --- {{- if and .Values.adapters.stdio.enabled .Values.telemetry.enabled }} apiVersion: "config.istio.io/v1alpha2" kind: handler metadata: name: stdio namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledAdapter: stdio params: outputAsJson: {{ .Values.adapters.stdio.outputAsJson }} --- apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: accesslog namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: logentry params: severity: '"Info"' timestamp: request.time variables: sourceIp: source.ip | ip("0.0.0.0") sourceApp: source.labels["app"] | "" sourcePrincipal: source.principal | "" sourceName: source.name | "" sourceWorkload: source.workload.name | "" sourceNamespace: source.namespace | "" sourceOwner: source.owner | "" destinationApp: destination.labels["app"] | "" destinationIp: destination.ip | ip("0.0.0.0") destinationServiceHost: destination.service.host | request.host | "" destinationWorkload: destination.workload.name | "" destinationName: destination.name | "" destinationNamespace: destination.namespace | "" destinationOwner: destination.owner | "" destinationPrincipal: destination.principal | "" apiClaims: request.auth.raw_claims | "" apiKey: request.api_key | request.headers["x-api-key"] | "" protocol: api.protocol | context.protocol | "http" method: request.method | "" url: request.path | "" responseCode: response.code | 0 responseFlags: context.proxy_error_code | "" responseSize: response.size | 0 permissiveResponseCode: rbac.permissive.response_code | "none" permissiveResponsePolicyID: rbac.permissive.effective_policy_id | "none" requestSize: request.size | 0 requestId: request.headers["x-request-id"] | "" clientTraceId: request.headers["x-client-trace-id"] | "" latency: response.duration | "0ms" connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) requestedServerName: connection.requested_server_name | "" userAgent: request.useragent | "" responseTimestamp: response.time receivedBytes: request.total_size | 0 sentBytes: response.total_size | 0 referer: request.referer | "" httpAuthority: request.headers[":authority"] | request.host | "" xForwardedFor: request.headers["x-forwarded-for"] | "0.0.0.0" reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") grpcStatus: response.grpc_status | "" grpcMessage: response.grpc_message | "" monitored_resource_type: '"global"' --- apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: tcpaccesslog namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: logentry params: severity: '"Info"' timestamp: context.time | timestamp("2017-01-01T00:00:00Z") variables: connectionEvent: connection.event | "" sourceIp: source.ip | ip("0.0.0.0") sourceApp: source.labels["app"] | "" sourcePrincipal: source.principal | "" sourceName: source.name | "" sourceWorkload: source.workload.name | "" sourceNamespace: source.namespace | "" sourceOwner: source.owner | "" destinationApp: destination.labels["app"] | "" destinationIp: destination.ip | ip("0.0.0.0") destinationServiceHost: destination.service.host | "" destinationWorkload: destination.workload.name | "" destinationName: destination.name | "" destinationNamespace: destination.namespace | "" destinationOwner: destination.owner | "" destinationPrincipal: destination.principal | "" protocol: context.protocol | "tcp" connectionDuration: connection.duration | "0ms" connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) requestedServerName: connection.requested_server_name | "" receivedBytes: connection.received.bytes | 0 sentBytes: connection.sent.bytes | 0 totalReceivedBytes: connection.received.bytes_total | 0 totalSentBytes: connection.sent.bytes_total | 0 reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") responseFlags: context.proxy_error_code | "" monitored_resource_type: '"global"' --- apiVersion: "config.istio.io/v1alpha2" kind: rule metadata: name: stdio namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: match: context.protocol == "http" || context.protocol == "grpc" actions: - handler: stdio instances: - accesslog --- apiVersion: "config.istio.io/v1alpha2" kind: rule metadata: name: stdiotcp namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: match: context.protocol == "tcp" actions: - handler: stdio instances: - tcpaccesslog {{- end }} --- {{- if and .Values.adapters.prometheus.enabled .Values.telemetry.enabled }} apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: requestcount namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: metric params: value: "1" dimensions: reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") source_workload: source.workload.name | "unknown" source_workload_namespace: source.workload.namespace | "unknown" source_principal: source.principal | "unknown" source_app: source.labels["app"] | "unknown" source_version: source.labels["version"] | "unknown" destination_workload: destination.workload.name | "unknown" destination_workload_namespace: destination.workload.namespace | "unknown" destination_principal: destination.principal | "unknown" destination_app: destination.labels["app"] | "unknown" destination_version: destination.labels["version"] | "unknown" destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) destination_service_name: destination.service.name | "unknown" destination_service_namespace: destination.service.namespace | "unknown" request_protocol: api.protocol | context.protocol | "unknown" response_code: response.code | 200 grpc_response_status: response.grpc_status | "" response_flags: context.proxy_error_code | "-" connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) monitored_resource_type: '"UNSPECIFIED"' --- apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: requestduration namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: metric params: value: response.duration | "0ms" dimensions: reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") source_workload: source.workload.name | "unknown" source_workload_namespace: source.workload.namespace | "unknown" source_principal: source.principal | "unknown" source_app: source.labels["app"] | "unknown" source_version: source.labels["version"] | "unknown" destination_workload: destination.workload.name | "unknown" destination_workload_namespace: destination.workload.namespace | "unknown" destination_principal: destination.principal | "unknown" destination_app: destination.labels["app"] | "unknown" destination_version: destination.labels["version"] | "unknown" destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) destination_service_name: destination.service.name | "unknown" destination_service_namespace: destination.service.namespace | "unknown" request_protocol: api.protocol | context.protocol | "unknown" response_code: response.code | 200 grpc_response_status: response.grpc_status | "" response_flags: context.proxy_error_code | "-" connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) monitored_resource_type: '"UNSPECIFIED"' --- apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: requestsize namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: metric params: value: request.size | 0 dimensions: reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") source_workload: source.workload.name | "unknown" source_workload_namespace: source.workload.namespace | "unknown" source_principal: source.principal | "unknown" source_app: source.labels["app"] | "unknown" source_version: source.labels["version"] | "unknown" destination_workload: destination.workload.name | "unknown" destination_workload_namespace: destination.workload.namespace | "unknown" destination_principal: destination.principal | "unknown" destination_app: destination.labels["app"] | "unknown" destination_version: destination.labels["version"] | "unknown" destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) destination_service_name: destination.service.name | "unknown" destination_service_namespace: destination.service.namespace | "unknown" request_protocol: api.protocol | context.protocol | "unknown" response_code: response.code | 200 grpc_response_status: response.grpc_status | "" response_flags: context.proxy_error_code | "-" connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) monitored_resource_type: '"UNSPECIFIED"' --- apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: responsesize namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: metric params: value: response.size | 0 dimensions: reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") source_workload: source.workload.name | "unknown" source_workload_namespace: source.workload.namespace | "unknown" source_principal: source.principal | "unknown" source_app: source.labels["app"] | "unknown" source_version: source.labels["version"] | "unknown" destination_workload: destination.workload.name | "unknown" destination_workload_namespace: destination.workload.namespace | "unknown" destination_principal: destination.principal | "unknown" destination_app: destination.labels["app"] | "unknown" destination_version: destination.labels["version"] | "unknown" destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) destination_service_name: destination.service.name | "unknown" destination_service_namespace: destination.service.namespace | "unknown" request_protocol: api.protocol | context.protocol | "unknown" response_code: response.code | 200 grpc_response_status: response.grpc_status | "" response_flags: context.proxy_error_code | "-" connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) monitored_resource_type: '"UNSPECIFIED"' --- apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: tcpbytesent namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: metric params: value: connection.sent.bytes | 0 dimensions: reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") source_workload: source.workload.name | "unknown" source_workload_namespace: source.workload.namespace | "unknown" source_principal: source.principal | "unknown" source_app: source.labels["app"] | "unknown" source_version: source.labels["version"] | "unknown" destination_workload: destination.workload.name | "unknown" destination_workload_namespace: destination.workload.namespace | "unknown" destination_principal: destination.principal | "unknown" destination_app: destination.labels["app"] | "unknown" destination_version: destination.labels["version"] | "unknown" destination_service: destination.service.host | "unknown" destination_service_name: destination.service.name | "unknown" destination_service_namespace: destination.service.namespace | "unknown" connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) response_flags: context.proxy_error_code | "-" monitored_resource_type: '"UNSPECIFIED"' --- apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: tcpbytereceived namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: metric params: value: connection.received.bytes | 0 dimensions: reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") source_workload: source.workload.name | "unknown" source_workload_namespace: source.workload.namespace | "unknown" source_principal: source.principal | "unknown" source_app: source.labels["app"] | "unknown" source_version: source.labels["version"] | "unknown" destination_workload: destination.workload.name | "unknown" destination_workload_namespace: destination.workload.namespace | "unknown" destination_principal: destination.principal | "unknown" destination_app: destination.labels["app"] | "unknown" destination_version: destination.labels["version"] | "unknown" destination_service: destination.service.host | "unknown" destination_service_name: destination.service.name | "unknown" destination_service_namespace: destination.service.namespace | "unknown" connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) response_flags: context.proxy_error_code | "-" monitored_resource_type: '"UNSPECIFIED"' --- apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: tcpconnectionsopened namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: metric params: value: "1" dimensions: reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") source_workload: source.workload.name | "unknown" source_workload_namespace: source.workload.namespace | "unknown" source_principal: source.principal | "unknown" source_app: source.labels["app"] | "unknown" source_version: source.labels["version"] | "unknown" destination_workload: destination.workload.name | "unknown" destination_workload_namespace: destination.workload.namespace | "unknown" destination_principal: destination.principal | "unknown" destination_app: destination.labels["app"] | "unknown" destination_version: destination.labels["version"] | "unknown" destination_service: destination.service.host | "unknown" destination_service_name: destination.service.name | "unknown" destination_service_namespace: destination.service.namespace | "unknown" connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) response_flags: context.proxy_error_code | "-" monitored_resource_type: '"UNSPECIFIED"' --- apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: tcpconnectionsclosed namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: metric params: value: "1" dimensions: reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") source_workload: source.workload.name | "unknown" source_workload_namespace: source.workload.namespace | "unknown" source_principal: source.principal | "unknown" source_app: source.labels["app"] | "unknown" source_version: source.labels["version"] | "unknown" destination_workload: destination.workload.name | "unknown" destination_workload_namespace: destination.workload.namespace | "unknown" destination_principal: destination.principal | "unknown" destination_app: destination.labels["app"] | "unknown" destination_version: destination.labels["version"] | "unknown" destination_service: destination.service.host | "unknown" destination_service_name: destination.service.name | "unknown" destination_service_namespace: destination.service.namespace | "unknown" connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) response_flags: context.proxy_error_code | "-" monitored_resource_type: '"UNSPECIFIED"' --- apiVersion: "config.istio.io/v1alpha2" kind: handler metadata: name: prometheus namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledAdapter: prometheus params: metricsExpirationPolicy: metricsExpiryDuration: "{{ .Values.adapters.prometheus.metricsExpiryDuration }}" metrics: - name: requests_total instance_name: requestcount.instance.{{ .Release.Namespace }} kind: COUNTER label_names: - reporter - source_app - source_principal - source_workload - source_workload_namespace - source_version - destination_app - destination_principal - destination_workload - destination_workload_namespace - destination_version - destination_service - destination_service_name - destination_service_namespace - request_protocol - response_code - grpc_response_status - response_flags - connection_security_policy - name: request_duration_seconds instance_name: requestduration.instance.{{ .Release.Namespace }} kind: DISTRIBUTION label_names: - reporter - source_app - source_principal - source_workload - source_workload_namespace - source_version - destination_app - destination_principal - destination_workload - destination_workload_namespace - destination_version - destination_service - destination_service_name - destination_service_namespace - request_protocol - response_code - grpc_response_status - response_flags - connection_security_policy buckets: explicit_buckets: bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] - name: request_bytes instance_name: requestsize.instance.{{ .Release.Namespace }} kind: DISTRIBUTION label_names: - reporter - source_app - source_principal - source_workload - source_workload_namespace - source_version - destination_app - destination_principal - destination_workload - destination_workload_namespace - destination_version - destination_service - destination_service_name - destination_service_namespace - request_protocol - response_code - grpc_response_status - response_flags - connection_security_policy buckets: exponentialBuckets: numFiniteBuckets: 8 scale: 1 growthFactor: 10 - name: response_bytes instance_name: responsesize.instance.{{ .Release.Namespace }} kind: DISTRIBUTION label_names: - reporter - source_app - source_principal - source_workload - source_workload_namespace - source_version - destination_app - destination_principal - destination_workload - destination_workload_namespace - destination_version - destination_service - destination_service_name - destination_service_namespace - request_protocol - response_code - grpc_response_status - response_flags - connection_security_policy buckets: exponentialBuckets: numFiniteBuckets: 8 scale: 1 growthFactor: 10 - name: tcp_sent_bytes_total instance_name: tcpbytesent.instance.{{ .Release.Namespace }} kind: COUNTER label_names: - reporter - source_app - source_principal - source_workload - source_workload_namespace - source_version - destination_app - destination_principal - destination_workload - destination_workload_namespace - destination_version - destination_service - destination_service_name - destination_service_namespace - connection_security_policy - response_flags - name: tcp_received_bytes_total instance_name: tcpbytereceived.instance.{{ .Release.Namespace }} kind: COUNTER label_names: - reporter - source_app - source_principal - source_workload - source_workload_namespace - source_version - destination_app - destination_principal - destination_workload - destination_workload_namespace - destination_version - destination_service - destination_service_name - destination_service_namespace - connection_security_policy - response_flags - name: tcp_connections_opened_total instance_name: tcpconnectionsopened.instance.{{ .Release.Namespace }} kind: COUNTER label_names: - reporter - source_app - source_principal - source_workload - source_workload_namespace - source_version - destination_app - destination_principal - destination_workload - destination_workload_namespace - destination_version - destination_service - destination_service_name - destination_service_namespace - connection_security_policy - response_flags - name: tcp_connections_closed_total instance_name: tcpconnectionsclosed.instance.{{ .Release.Namespace }} kind: COUNTER label_names: - reporter - source_app - source_principal - source_workload - source_workload_namespace - source_version - destination_app - destination_principal - destination_workload - destination_workload_namespace - destination_version - destination_service - destination_service_name - destination_service_namespace - connection_security_policy - response_flags --- apiVersion: "config.istio.io/v1alpha2" kind: rule metadata: name: promhttp namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) actions: - handler: prometheus instances: - requestcount - requestduration - requestsize - responsesize --- apiVersion: "config.istio.io/v1alpha2" kind: rule metadata: name: promtcp namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: match: context.protocol == "tcp" actions: - handler: prometheus instances: - tcpbytesent - tcpbytereceived --- apiVersion: "config.istio.io/v1alpha2" kind: rule metadata: name: promtcpconnectionopen namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: match: context.protocol == "tcp" && ((connection.event | "na") == "open") actions: - handler: prometheus instances: - tcpconnectionsopened --- apiVersion: "config.istio.io/v1alpha2" kind: rule metadata: name: promtcpconnectionclosed namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: match: context.protocol == "tcp" && ((connection.event | "na") == "close") actions: - handler: prometheus instances: - tcpconnectionsclosed {{- end }} --- {{- if and .Values.adapters.kubernetesenv.enabled (or .Values.policy.enabled .Values.telemetry.enabled) }} apiVersion: "config.istio.io/v1alpha2" kind: handler metadata: name: kubernetesenv namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledAdapter: kubernetesenv params: {} # when running from mixer root, use the following config after adding a # symbolic link to a kubernetes config file via: # # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig # # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" --- apiVersion: "config.istio.io/v1alpha2" kind: rule metadata: name: kubeattrgenrulerule namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: actions: - handler: kubernetesenv instances: - attributes --- apiVersion: "config.istio.io/v1alpha2" kind: rule metadata: name: tcpkubeattrgenrulerule namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: match: context.protocol == "tcp" actions: - handler: kubernetesenv instances: - attributes --- apiVersion: "config.istio.io/v1alpha2" kind: instance metadata: name: attributes namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: compiledTemplate: kubernetes params: # Pass the required attribute data to the adapter source_uid: source.uid | "" source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr destination_uid: destination.uid | "" destination_port: destination.port | 0 attributeBindings: # Fill the new attributes from the adapter produced output. # $out refers to an instance of OutputTemplate message source.ip: $out.source_pod_ip | ip("0.0.0.0") source.uid: $out.source_pod_uid | "unknown" source.labels: $out.source_labels | emptyStringMap() source.name: $out.source_pod_name | "unknown" source.namespace: $out.source_namespace | "default" source.owner: $out.source_owner | "unknown" source.serviceAccount: $out.source_service_account_name | "unknown" source.workload.uid: $out.source_workload_uid | "unknown" source.workload.name: $out.source_workload_name | "unknown" source.workload.namespace: $out.source_workload_namespace | "unknown" destination.ip: $out.destination_pod_ip | ip("0.0.0.0") destination.uid: $out.destination_pod_uid | "unknown" destination.labels: $out.destination_labels | emptyStringMap() destination.name: $out.destination_pod_name | "unknown" destination.container.name: $out.destination_container_name | "unknown" destination.namespace: $out.destination_namespace | "default" destination.owner: $out.destination_owner | "unknown" destination.serviceAccount: $out.destination_service_account_name | "unknown" destination.workload.uid: $out.destination_workload_uid | "unknown" destination.workload.name: $out.destination_workload_name | "unknown" destination.workload.namespace: $out.destination_workload_namespace | "unknown" {{- end }} --- {{- if .Values.policy.enabled }} # Configuration needed by Mixer. # Mixer cluster is delivered via CDS # Specify mixer cluster settings apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: istio-policy namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: host: istio-policy.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} {{- if .Values.global.defaultConfigVisibilitySettings }} exportTo: - '*' {{- end }} trafficPolicy: portLevelSettings: - port: number: 15004 # grpc-mixer-mtls tls: mode: ISTIO_MUTUAL - port: number: 9091 # grpc-mixer tls: mode: DISABLE connectionPool: http: http2MaxRequests: 10000 maxRequestsPerConnection: 10000 {{- end }} --- {{- if .Values.telemetry.enabled }} apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: istio-telemetry namespace: {{ .Release.Namespace }} labels: app: {{ template "mixer.name" . }} chart: {{ template "mixer.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: host: istio-telemetry.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} {{- if .Values.global.defaultConfigVisibilitySettings }} exportTo: - '*' {{- end }} trafficPolicy: portLevelSettings: - port: number: 15004 # grpc-mixer-mtls tls: mode: ISTIO_MUTUAL - port: number: 9091 # grpc-mixer tls: mode: DISABLE connectionPool: http: http2MaxRequests: 10000 maxRequestsPerConnection: 10000 {{- end }} --- {{- end }}