Skip to content

Instantly share code, notes, and snippets.

@dumindu
Created June 22, 2020 16:35
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save dumindu/200053ef458716bc39b40a0aa78cfde6 to your computer and use it in GitHub Desktop.
# Resources for AddonComponents grafana component
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-grafana-configuration-dashboards-istio-mesh-dashboard
namespace: istio-system
labels:
app: grafana
release: istio
istio: grafana
data:
istio-mesh-dashboard.json: '{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"id": null,
"links": [],
"panels": [
{
"content": "<div>\n <div style=\"position: absolute; bottom: 0\">\n <a href=\"https://istio.io\" target=\"_blank\" style=\"font-size: 30px; text-decoration: none; color: inherit\"><img src=\"https://istio.io/img/istio-logo.svg\" style=\"height: 50px\"> Istio</a>\n </div>\n <div style=\"position: absolute; bottom: 0; right: 0; font-size: 15px\">\n Istio is an <a href=\"https://github.com/istio/istio\" target=\"_blank\">open platform</a> that provides a uniform way to connect,\n <a href=\"https://istio.io/docs/concepts/traffic-management/overview.html\" target=\"_blank\">manage</a>, and \n <a href=\"https://istio.io/docs/concepts/network-and-auth/auth.html\" target=\"_blank\">secure</a> microservices.\n <br>\n Need help? Join the <a href=\"https://istio.io/community/\" target=\"_blank\">Istio community</a>.\n </div>\n</div>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 0
},
"height": "50px",
"id": 13,
"links": [],
"mode": "html",
"style": {
"font-size": "18pt"
},
"title": "",
"transparent": true,
"type": "text"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"datasource": "Prometheus",
"format": "ops",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 3,
"w": 6,
"x": 0,
"y": 3
},
"id": 20,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "round(sum(irate(istio_requests_total{reporter=\"destination\"}[1m])), 0.001)",
"intervalFactor": 1,
"refId": "A",
"step": 4
}
],
"thresholds": "",
"title": "Global Request Volume",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"datasource": "Prometheus",
"format": "percentunit",
"gauge": {
"maxValue": 100,
"minValue": 80,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": false
},
"gridPos": {
"h": 3,
"w": 6,
"x": 6,
"y": 3
},
"id": 21,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"refId": "A",
"step": 4
}
],
"thresholds": "95, 99, 99.5",
"title": "Global Success Rate (non-5xx responses)",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"datasource": "Prometheus",
"format": "ops",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 3,
"w": 6,
"x": 12,
"y": 3
},
"id": 22,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"4.*\"}[1m])) ",
"format": "time_series",
"intervalFactor": 1,
"refId": "A",
"step": 4
}
],
"thresholds": "",
"title": "4xxs",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"datasource": "Prometheus",
"format": "ops",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 3,
"w": 6,
"x": 18,
"y": 3
},
"id": 23,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(istio_requests_total{reporter=\"destination\", response_code=~\"5.*\"}[1m])) ",
"format": "time_series",
"intervalFactor": 1,
"refId": "A",
"step": 4
}
],
"thresholds": "",
"title": "5xxs",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "Prometheus",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 3,
"w": 6,
"x": 0,
"y": 6
},
"id": 113,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "avg(galley_istio_networking_virtualservices)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A"
}
],
"thresholds": "",
"timeFrom": null,
"timeShift": null,
"title": "Virtual Services",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "Prometheus",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 3,
"w": 6,
"x": 6,
"y": 6
},
"id": 114,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "avg(galley_istio_networking_destinationrules)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A"
}
],
"thresholds": "",
"timeFrom": null,
"timeShift": null,
"title": "Destination Rules",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "Prometheus",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 3,
"w": 6,
"x": 12,
"y": 6
},
"id": 115,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "avg(galley_istio_networking_gateways)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A"
}
],
"thresholds": "",
"timeFrom": null,
"timeShift": null,
"title": "Gateways",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "Prometheus",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 3,
"w": 6,
"x": 18,
"y": 6
},
"id": 116,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "avg(galley_istio_authentication_meshpolicies)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"refId": "A"
}
],
"thresholds": "",
"timeFrom": null,
"timeShift": null,
"title": "Authentication Mesh Policies",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"columns": [],
"datasource": "Prometheus",
"fontSize": "100%",
"gridPos": {
"h": 21,
"w": 24,
"x": 0,
"y": 9
},
"hideTimeOverride": false,
"id": 73,
"links": [],
"pageSize": null,
"repeat": null,
"repeatDirection": "v",
"scroll": true,
"showHeader": true,
"sort": {
"col": 4,
"desc": true
},
"styles": [
{
"alias": "Workload",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Workload dashboard",
"linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_2&var-workload=$__cell_",
"pattern": "destination_workload",
"preserveFormat": false,
"sanitize": false,
"thresholds": [],
"type": "hidden",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "Time",
"thresholds": [],
"type": "hidden",
"unit": "short"
},
{
"alias": "Requests",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "Value #A",
"thresholds": [],
"type": "number",
"unit": "ops"
},
{
"alias": "P50 Latency",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "Value #B",
"thresholds": [],
"type": "number",
"unit": "s"
},
{
"alias": "P90 Latency",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "Value #D",
"thresholds": [],
"type": "number",
"unit": "s"
},
{
"alias": "P99 Latency",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "Value #E",
"thresholds": [],
"type": "number",
"unit": "s"
},
{
"alias": "Success Rate",
"colorMode": "cell",
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "Value #F",
"thresholds": [
".95",
" 1.00"
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Workload",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTooltip": "$__cell dashboard",
"linkUrl": "/dashboard/db/istio-workload-dashboard?var-workload=$__cell_2&var-namespace=$__cell_3",
"pattern": "destination_workload_var",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Service",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTooltip": "$__cell dashboard",
"linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell",
"pattern": "destination_service",
"thresholds": [],
"type": "string",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "destination_workload_namespace",
"thresholds": [],
"type": "hidden",
"unit": "short"
}
],
"targets": [
{
"expr": "label_join(sum(rate(istio_requests_total{reporter=\"destination\", response_code=\"200\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")",
"format": "table",
"hide": false,
"instant": true,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}",
"refId": "A"
},
{
"expr": "label_join((histogram_quantile(0.50, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.50, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")",
"format": "table",
"hide": false,
"instant": true,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload}}.{{ destination_workload_namespace }}",
"refId": "B"
},
{
"expr": "label_join((histogram_quantile(0.90, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.90, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")",
"format": "table",
"hide": false,
"instant": true,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}",
"refId": "D"
},
{
"expr": "label_join((histogram_quantile(0.99, sum(rate(istio_request_duration_milliseconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)) / 1000) or histogram_quantile(0.99, sum(rate(istio_request_duration_seconds_bucket{reporter=\"destination\"}[1m])) by (le, destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")",
"format": "table",
"hide": false,
"instant": true,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}",
"refId": "E"
},
{
"expr": "label_join((sum(rate(istio_requests_total{reporter=\"destination\", response_code!~\"5.*\"}[1m])) by (destination_workload, destination_workload_namespace) / sum(rate(istio_requests_total{reporter=\"destination\"}[1m])) by (destination_workload, destination_workload_namespace)), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")",
"format": "table",
"hide": false,
"instant": true,
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}",
"refId": "F"
}
],
"timeFrom": null,
"title": "HTTP/GRPC Workloads",
"transform": "table",
"type": "table"
},
{
"columns": [],
"datasource": "Prometheus",
"fontSize": "100%",
"gridPos": {
"h": 18,
"w": 24,
"x": 0,
"y": 30
},
"hideTimeOverride": false,
"id": 109,
"links": [],
"pageSize": null,
"repeatDirection": "v",
"scroll": true,
"showHeader": true,
"sort": {
"col": 2,
"desc": true
},
"styles": [
{
"alias": "Workload",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "$__cell dashboard",
"linkUrl": "/dashboard/db/istio-tcp-workload-dashboard?var-namespace=$__cell_2&&var-workload=$__cell",
"pattern": "destination_workload",
"preserveFormat": false,
"sanitize": false,
"thresholds": [],
"type": "hidden",
"unit": "short"
},
{
"alias": "Bytes Sent",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "Value #A",
"thresholds": [
""
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Bytes Received",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "Value #C",
"thresholds": [],
"type": "number",
"unit": "Bps"
},
{
"alias": "",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "Time",
"thresholds": [],
"type": "hidden",
"unit": "short"
},
{
"alias": "Workload",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTooltip": "$__cell dashboard",
"linkUrl": "/dashboard/db/istio-workload-dashboard?var-namespace=$__cell_3&var-workload=$__cell_2",
"pattern": "destination_workload_var",
"thresholds": [],
"type": "string",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "destination_workload_namespace",
"thresholds": [],
"type": "hidden",
"unit": "short"
},
{
"alias": "Service",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTooltip": "$__cell dashboard",
"linkUrl": "/dashboard/db/istio-service-dashboard?var-service=$__cell",
"pattern": "destination_service",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"expr": "label_join(sum(rate(istio_tcp_received_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")",
"format": "table",
"hide": false,
"instant": true,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}",
"refId": "C"
},
{
"expr": "label_join(sum(rate(istio_tcp_sent_bytes_total{reporter=\"source\"}[1m])) by (destination_workload, destination_workload_namespace, destination_service), \"destination_workload_var\", \".\", \"destination_workload\", \"destination_workload_namespace\")",
"format": "table",
"hide": false,
"instant": true,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}",
"refId": "A"
}
],
"timeFrom": null,
"title": "TCP Workloads",
"transform": "table",
"type": "table"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 48
},
"id": 111,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(istio_build) by (component, tag)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ component }}: {{ tag }}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Istio Components by Version",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": "5s",
"schemaVersion": 18,
"style": "dark",
"tags": [],
"templating": {
"list": []
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "browser",
"title": "Istio Mesh Dashboard",
"uid": "G8wLrJIZk",
"version": 5
}
'
---
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-grafana-configuration-dashboards-istio-performance-dashboard
namespace: istio-system
labels:
app: grafana
release: istio
istio: grafana
data:
istio-performance-dashboard.json: '{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"links": [],
"panels": [
{
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 21,
"panels": [
{
"content": "The charts on this dashboard are intended to show Istio main components cost in terms resources utilization under steady load.\n\n- **vCPU/1k rps:** shows vCPU utilization by the main Istio components normalized by 1000 requests/second. When idle or low traffic, this chart will be blank. The curve for istio-proxy refers to the services sidecars only.\n- **vCPU:** vCPU utilization by Istio components, not normalized.\n- **Memory:** memory footprint for the components. Telemetry and policy are normalized by 1k rps, and no data is shown when there is no traffic. For ingress and istio-proxy, the data is per instance.\n- **Bytes transferred/ sec:** shows the number of bytes flowing through each Istio component.\n\n\n",
"gridPos": {
"h": 6,
"w": 24,
"x": 0,
"y": 1
},
"id": 19,
"links": [],
"mode": "markdown",
"timeFrom": null,
"timeShift": null,
"title": "Performance Dashboard README",
"transparent": true,
"type": "text"
}
],
"title": "Performance Dashboard Notes",
"type": "row"
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 1
},
"id": 6,
"panels": [],
"title": "vCPU Usage",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 2
},
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_cpu_usage_seconds_total{pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "istio-telemetry",
"refId": "A"
},
{
"expr": "(sum(irate(container_cpu_usage_seconds_total{pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m])) / (round(sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m])), 0.001)/1000))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "istio-ingressgateway",
"refId": "B"
},
{
"expr": "(sum(irate(container_cpu_usage_seconds_total{namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-proxy",
"refId": "C"
},
{
"expr": "(sum(irate(container_cpu_usage_seconds_total{pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))/ (round(sum(irate(istio_requests_total[1m])), 0.001)/1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-policy",
"refId": "D"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "vCPU / 1k rps",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 2
},
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(container_cpu_usage_seconds_total{pod=~\"istio-telemetry-.*\",container=~\"mixer|istio-proxy\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-telemetry",
"refId": "A"
},
{
"expr": "sum(rate(container_cpu_usage_seconds_total{pod=~\"istio-ingressgateway-.*\",container=\"istio-proxy\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-ingressgateway",
"refId": "B"
},
{
"expr": "sum(rate(container_cpu_usage_seconds_total{namespace!=\"istio-system\",container=\"istio-proxy\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-proxy",
"refId": "C"
},
{
"expr": "sum(rate(container_cpu_usage_seconds_total{pod=~\"istio-policy-.*\",container=~\"mixer|istio-proxy\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-policy",
"refId": "D"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "vCPU",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 10
},
"id": 13,
"panels": [],
"title": "Memory and Data Rates",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 11
},
"id": 902,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "(sum(container_memory_usage_bytes{pod=~\"istio-telemetry-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000)) / (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-telemetry / 1k rps",
"refId": "A"
},
{
"expr": "sum(container_memory_usage_bytes{pod=~\"istio-ingressgateway-.*\"}) / count(container_memory_usage_bytes{pod=~\"istio-ingressgateway-.*\",container!=\"POD\"})",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "per istio-ingressgateway",
"refId": "B"
},
{
"expr": "sum(container_memory_usage_bytes{namespace!=\"istio-system\",container=\"istio-proxy\"}) / count(container_memory_usage_bytes{namespace!=\"istio-system\",container=\"istio-proxy\"})",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "per istio proxy",
"refId": "C"
},
{
"expr": "(sum(container_memory_usage_bytes{pod=~\"istio-policy-.*\"}) / (sum(irate(istio_requests_total[1m])) / 1000))/ (sum(irate(istio_requests_total{source_workload=\"istio-ingressgateway\"}[1m])) >bool 10)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-policy / 1k rps",
"refId": "D"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Memory Usage",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 11
},
"id": 11,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-telemetry\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-telemetry\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-telemetry",
"refId": "A"
},
{
"expr": "sum(irate(istio_response_bytes_sum{source_workload=\"istio-ingressgateway\", reporter=\"source\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-ingressgateway",
"refId": "B"
},
{
"expr": "sum(irate(istio_response_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_response_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m])) + sum(irate(istio_request_bytes_sum{source_workload_namespace!=\"istio-system\", reporter=\"source\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload_namespace!=\"istio-system\", reporter=\"destination\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio-proxy",
"refId": "C"
},
{
"expr": "sum(irate(istio_response_bytes_sum{destination_workload=\"istio-policy\"}[1m])) + sum(irate(istio_request_bytes_sum{destination_workload=\"istio-policy\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "istio_policy",
"refId": "D"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Bytes transferred / sec",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 19
},
"id": 17,
"panels": [],
"title": "Istio Component Versions",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 20
},
"id": 15,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(istio_build) by (component, tag)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ component }}: {{ tag }}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Istio Components by Version",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 31
},
"id": 71,
"panels": [],
"title": "Proxy Resource Usage",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 0,
"y": 32
},
"id": 72,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(container_memory_usage_bytes{container=\"istio-proxy\"})",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{ container }} (k8s)",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Memory",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 6,
"y": 32
},
"id": 73,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(container_cpu_usage_seconds_total{container=\"istio-proxy\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Total (k8s)",
"refId": "A",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "vCPU",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 12,
"y": 32
},
"id": 702,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(container_fs_usage_bytes{ container=\"istio-proxy\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ container }}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Disk",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"decimals": null,
"format": "none",
"label": "",
"logBase": 1024,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 39
},
"id": 69,
"panels": [],
"title": "Pilot Resource Usage",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 0,
"y": 40
},
"id": 5,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_virtual_memory_bytes{app=\"istiod\"}",
"format": "time_series",
"instant": false,
"intervalFactor": 2,
"legendFormat": "Virtual Memory",
"refId": "I",
"step": 2
},
{
"expr": "process_resident_memory_bytes{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Resident Memory",
"refId": "H",
"step": 2
},
{
"expr": "go_memstats_heap_sys_bytes{app=\"istiod\"}",
"format": "time_series",
"hide": true,
"intervalFactor": 2,
"legendFormat": "heap sys",
"refId": "A"
},
{
"expr": "go_memstats_heap_alloc_bytes{app=\"istiod\"}",
"format": "time_series",
"hide": true,
"intervalFactor": 2,
"legendFormat": "heap alloc",
"refId": "D"
},
{
"expr": "go_memstats_alloc_bytes{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Alloc",
"refId": "F",
"step": 2
},
{
"expr": "go_memstats_heap_inuse_bytes{app=\"istiod\"}",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Heap in-use",
"refId": "E",
"step": 2
},
{
"expr": "go_memstats_stack_inuse_bytes{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Stack in-use",
"refId": "G",
"step": 2
},
{
"expr": "sum(container_memory_usage_bytes{container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"})",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Total (k8s)",
"refId": "C",
"step": 2
},
{
"expr": "container_memory_usage_bytes{container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{ container }} (k8s)",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Memory",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 6,
"y": 40
},
"id": 602,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(container_cpu_usage_seconds_total{container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Total (k8s)",
"refId": "A",
"step": 2
},
{
"expr": "sum(rate(container_cpu_usage_seconds_total{container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}[1m])) by (container)",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{ container }} (k8s)",
"refId": "B",
"step": 2
},
{
"expr": "irate(process_cpu_seconds_total{app=\"istiod\"}[1m])",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "pilot (self-reported)",
"refId": "C",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "vCPU",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 12,
"y": 40
},
"id": 74,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_open_fds{app=\"istiod\"}",
"format": "time_series",
"hide": true,
"instant": false,
"interval": "",
"intervalFactor": 2,
"legendFormat": "Open FDs (pilot)",
"refId": "A"
},
{
"expr": "container_fs_usage_bytes{ container=~\"discovery|istio-proxy\", pod=~\"istiod-.*\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ container }}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Disk",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"decimals": null,
"format": "none",
"label": "",
"logBase": 1024,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 18,
"y": 40
},
"id": 402,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "go_goroutines{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Number of Goroutines",
"refId": "A",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Goroutines",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 47
},
"id": 93,
"panels": [],
"title": "Mixer Resource Usage",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 0,
"y": 48
},
"id": 94,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}",
"format": "time_series",
"instant": false,
"intervalFactor": 2,
"legendFormat": "Virtual Memory",
"refId": "I",
"step": 2
},
{
"expr": "process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Resident Memory",
"refId": "H",
"step": 2
},
{
"expr": "go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}",
"format": "time_series",
"hide": true,
"intervalFactor": 2,
"legendFormat": "heap sys",
"refId": "A"
},
{
"expr": "go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}",
"format": "time_series",
"hide": true,
"intervalFactor": 2,
"legendFormat": "heap alloc",
"refId": "D"
},
{
"expr": "go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Alloc",
"refId": "F",
"step": 2
},
{
"expr": "go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Heap in-use",
"refId": "E",
"step": 2
},
{
"expr": "go_memstats_stack_inuse_bytes{job=~\"istio-policy|istio-telemetry\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Stack in-use",
"refId": "G",
"step": 2
},
{
"expr": "sum(container_memory_usage_bytes{container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"})",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Total (k8s)",
"refId": "C",
"step": 2
},
{
"expr": "container_memory_usage_bytes{container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{ container }} (k8s)",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Memory",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 6,
"y": 48
},
"id": 95,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(container_cpu_usage_seconds_total{container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Total (k8s)",
"refId": "A",
"step": 2
},
{
"expr": "sum(rate(container_cpu_usage_seconds_total{container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}[1m])) by (container)",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{ container }} (k8s)",
"refId": "B",
"step": 2
},
{
"expr": "irate(process_cpu_seconds_total{job=~\"istio-policy|istio-telemetry\"}[1m])",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "mixer (self-reported)",
"refId": "C",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "vCPU",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 12,
"y": 48
},
"id": 96,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_open_fds{job=~\"istio-policy|istio-telemetry\"}",
"format": "time_series",
"hide": true,
"instant": false,
"interval": "",
"intervalFactor": 2,
"legendFormat": "Open FDs (pilot)",
"refId": "A"
},
{
"expr": "container_fs_usage_bytes{container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ container }}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Disk",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"decimals": null,
"format": "none",
"label": "",
"logBase": 1024,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 18,
"y": 48
},
"id": 97,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "go_goroutines{job=\"istio-telemetry\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Number of Goroutines",
"refId": "A",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Goroutines",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": "10s",
"schemaVersion": 18,
"style": "dark",
"tags": [],
"templating": {
"list": []
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Istio Performance Dashboard",
"uid": "vu8e0VWZk",
"version": 22
}
'
---
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-grafana-configuration-dashboards-istio-service-dashboard
namespace: istio-system
labels:
app: grafana
release: istio
istio: grafana
data:
istio-service-dashboard.json: '{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"iteration": 1536442501501,
"links": [],
"panels": [
{
"content": "<div class=\"dashboard-header text-center\">\n<span>SERVICE: $service</span>\n</div>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 0
},
"id": 89,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"datasource": "Prometheus",
"format": "ops",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 4,
"w": 6,
"x": 0,
"y": 3
},
"id": 12,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "round(sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m])), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A",
"step": 4
}
],
"thresholds": "",
"title": "Client Request Volume",
"transparent": false,
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(50, 172, 45, 0.97)",
"rgba(237, 129, 40, 0.89)",
"rgba(245, 54, 54, 0.9)"
],
"datasource": "Prometheus",
"decimals": null,
"format": "percentunit",
"gauge": {
"maxValue": 100,
"minValue": 80,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": false
},
"gridPos": {
"h": 4,
"w": 6,
"x": 6,
"y": 3
},
"id": 14,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"source\",destination_service=~\"$service\"}[5m]))",
"format": "time_series",
"intervalFactor": 1,
"refId": "B"
}
],
"thresholds": "95, 99, 99.5",
"title": "Client Success Rate (non-5xx responses)",
"transparent": false,
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 4,
"w": 6,
"x": 12,
"y": 3
},
"id": 87,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": false,
"hideZero": false,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "P50",
"refId": "A"
},
{
"expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "P90",
"refId": "B"
},
{
"expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\",destination_service=~\"$service\"}[1m])) by (le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "P99",
"refId": "C"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Client Request Duration",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "Prometheus",
"format": "Bps",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 4,
"w": 6,
"x": 18,
"y": 3
},
"id": 84,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "TCP Received Bytes",
"transparent": false,
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"datasource": "Prometheus",
"format": "ops",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 4,
"w": 6,
"x": 0,
"y": 7
},
"id": 97,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m])), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A",
"step": 4
}
],
"thresholds": "",
"title": "Server Request Volume",
"transparent": false,
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(50, 172, 45, 0.97)",
"rgba(237, 129, 40, 0.89)",
"rgba(245, 54, 54, 0.9)"
],
"datasource": "Prometheus",
"decimals": null,
"format": "percentunit",
"gauge": {
"maxValue": 100,
"minValue": 80,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": false
},
"gridPos": {
"h": 4,
"w": 6,
"x": 6,
"y": 7
},
"id": 98,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_service=~\"$service\"}[5m]))",
"format": "time_series",
"intervalFactor": 1,
"refId": "B"
}
],
"thresholds": "95, 99, 99.5",
"title": "Server Success Rate (non-5xx responses)",
"transparent": false,
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 4,
"w": 6,
"x": 12,
"y": 7
},
"id": 99,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": false,
"hideZero": false,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "P50",
"refId": "A"
},
{
"expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "P90",
"refId": "B"
},
{
"expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_service=~\"$service\"}[1m])) by (le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "P99",
"refId": "C"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Server Request Duration",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "Prometheus",
"format": "Bps",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 4,
"w": 6,
"x": 18,
"y": 7
},
"id": 100,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", destination_service=~\"$service\"}[1m])) ",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "TCP Sent Bytes",
"transparent": false,
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"content": "<div class=\"dashboard-header text-center\">\n<span>CLIENT WORKLOADS</span>\n</div>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 11
},
"id": 45,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 14
},
"id": 25,
"legend": {
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"source\",source_workload=~\"$srcwl\",source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"source\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}",
"refId": "A",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Requests by Source And Response Code",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
"total"
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 14
},
"id": 26,
"legend": {
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Success Rate (non-5xx responses) By Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": "1.01",
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 20
},
"id": 27,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50",
"refId": "E",
"step": 2
},
{
"expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90",
"refId": "F",
"step": 2
},
{
"expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95",
"refId": "G",
"step": 2
},
{
"expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Request Duration by Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 8,
"y": 20
},
"id": 28,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50",
"refId": "E",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90",
"refId": "F",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95",
"refId": "G",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Request Size By Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "decbytes",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 16,
"y": 20
},
"id": 68,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50",
"refId": "E",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90",
"refId": "F",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95",
"refId": "G",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Response Size By Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "decbytes",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 26
},
"id": 80,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Bytes Received from Incoming TCP Connection",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 26
},
"id": 82,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Bytes Sent to Incoming TCP Connection",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"content": "<div class=\"dashboard-header text-center\">\n<span>SERVICE WORKLOADS</span>\n</div>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 32
},
"id": 69,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 35
},
"id": 90,
"legend": {
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\",destination_service=~\"$service\",reporter=\"destination\",destination_workload=~\"$dstwl\",destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }} (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", reporter=\"destination\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace, response_code), 0.001)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} : {{ response_code }}",
"refId": "A",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Requests by Destination And Response Code",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
"total"
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 35
},
"id": 91,
"legend": {
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\",response_code!~\"5.*\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[5m])) by (destination_workload, destination_workload_namespace)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Success Rate (non-5xx responses) By Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": "1.01",
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 41
},
"id": 94,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50",
"refId": "E",
"step": 2
},
{
"expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90",
"refId": "F",
"step": 2
},
{
"expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95",
"refId": "G",
"step": 2
},
{
"expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Request Duration by Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 8,
"y": 41
},
"id": 95,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50",
"refId": "E",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90",
"refId": "F",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95",
"refId": "G",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Request Size By Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "decbytes",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 16,
"y": 41
},
"id": 96,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P50",
"refId": "E",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P90",
"refId": "F",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P95",
"refId": "G",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace }} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Response Size By Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "decbytes",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 47
},
"id": 92,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{ destination_workload_namespace}}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Bytes Received from Incoming TCP Connection",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 47
},
"id": 93,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", destination_service=~\"$service\", destination_workload=~\"$dstwl\", destination_workload_namespace=~\"$dstns\"}[1m])) by (destination_workload, destination_workload_namespace), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ destination_workload }}.{{destination_workload_namespace }}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Bytes Sent to Incoming TCP Connection",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": "10s",
"schemaVersion": 16,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"allValue": null,
"datasource": "Prometheus",
"hide": 0,
"includeAll": false,
"label": "Service",
"multi": false,
"name": "service",
"options": [],
"query": "label_values(destination_service)",
"refresh": 1,
"regex": "",
"sort": 0,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "All",
"value": "$__all"
},
"datasource": "Prometheus",
"hide": 0,
"includeAll": true,
"label": "Client Workload Namespace",
"multi": true,
"name": "srcns",
"options": [],
"query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (source_workload_namespace))",
"refresh": 1,
"regex": "/.*namespace=\"([^\"]*).*/",
"sort": 2,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "All",
"value": "$__all"
},
"datasource": "Prometheus",
"hide": 0,
"includeAll": true,
"label": "Client Workload",
"multi": true,
"name": "srcwl",
"options": [],
"query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", source_workload_namespace=~\"$srcns\"}) by (source_workload))",
"refresh": 1,
"regex": "/.*workload=\"([^\"]*).*/",
"sort": 3,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "All",
"value": "$__all"
},
"datasource": "Prometheus",
"hide": 0,
"includeAll": true,
"label": "Service Workload Namespace",
"multi": true,
"name": "dstns",
"options": [],
"query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=\"$service\"}) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\"}) by (destination_workload_namespace))",
"refresh": 1,
"regex": "/.*namespace=\"([^\"]*).*/",
"sort": 2,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "All",
"value": "$__all"
},
"datasource": "Prometheus",
"hide": 0,
"includeAll": true,
"label": "Service Workload",
"multi": true,
"name": "dstwl",
"options": [],
"query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_service=~\"$service\", destination_workload_namespace=~\"$dstns\"}) by (destination_workload))",
"refresh": 1,
"regex": "/.*workload=\"([^\"]*).*/",
"sort": 3,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Istio Service Dashboard",
"uid": "LJ_uJAvmk",
"version": 1
}
'
---
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-grafana-configuration-dashboards-istio-workload-dashboard
namespace: istio-system
labels:
app: grafana
release: istio
istio: grafana
data:
istio-workload-dashboard.json: '{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "5.0.4"
},
{
"type": "panel",
"id": "graph",
"name": "Graph",
"version": "5.0.0"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "5.0.0"
},
{
"type": "panel",
"id": "singlestat",
"name": "Singlestat",
"version": "5.0.0"
},
{
"type": "panel",
"id": "text",
"name": "Text",
"version": "5.0.0"
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"id": null,
"iteration": 1531345461465,
"links": [],
"panels": [
{
"content": "<div class=\"dashboard-header text-center\">\n<span>WORKLOAD: $workload.$namespace</span>\n</div>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 0
},
"id": 89,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"datasource": "Prometheus",
"format": "ops",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 4,
"w": 8,
"x": 0,
"y": 3
},
"id": 12,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "round(sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m])), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A",
"step": 4
}
],
"thresholds": "",
"title": "Incoming Request Volume",
"transparent": false,
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(50, 172, 45, 0.97)",
"rgba(237, 129, 40, 0.89)",
"rgba(245, 54, 54, 0.9)"
],
"datasource": "Prometheus",
"decimals": null,
"format": "percentunit",
"gauge": {
"maxValue": 100,
"minValue": 80,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": false
},
"gridPos": {
"h": 4,
"w": 8,
"x": 8,
"y": 3
},
"id": 14,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\",response_code!~\"5.*\"}[5m])) / sum(irate(istio_requests_total{reporter=\"destination\",destination_workload_namespace=~\"$namespace\",destination_workload=~\"$workload\"}[5m]))",
"format": "time_series",
"intervalFactor": 1,
"refId": "B"
}
],
"thresholds": "95, 99, 99.5",
"title": "Incoming Success Rate (non-5xx responses)",
"transparent": false,
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 4,
"w": 8,
"x": 16,
"y": 3
},
"id": 87,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": false,
"hideZero": false,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "P50",
"refId": "A"
},
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "P90",
"refId": "B"
},
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\",destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "P99",
"refId": "C"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Request Duration",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "Prometheus",
"format": "Bps",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 4,
"w": 12,
"x": 0,
"y": 7
},
"id": 84,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "TCP Server Traffic",
"transparent": false,
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "Prometheus",
"format": "Bps",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 4,
"w": 12,
"x": 12,
"y": 7
},
"id": 85,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": true,
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m])) + sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "TCP Client Traffic",
"transparent": false,
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"content": "<div class=\"dashboard-header text-center\">\n<span>INBOUND WORKLOADS</span>\n</div>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 11
},
"id": 45,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 14
},
"id": 25,
"legend": {
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }} (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", reporter=\"destination\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace, response_code), 0.001)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} : {{ response_code }}",
"refId": "A",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Requests by Source And Response Code",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
"total"
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 14
},
"id": 26,
"legend": {
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace }} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\",response_code!~\"5.*\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace) / sum(irate(istio_requests_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[5m])) by (source_workload, source_workload_namespace)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace }}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Success Rate (non-5xx responses) By Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": "1.01",
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 20
},
"id": 27,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50",
"refId": "E",
"step": 2
},
{
"expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90",
"refId": "F",
"step": 2
},
{
"expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95",
"refId": "G",
"step": 2
},
{
"expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Request Duration by Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 8,
"y": 20
},
"id": 28,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50",
"refId": "E",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90",
"refId": "F",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95",
"refId": "G",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Request Size By Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "decbytes",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 16,
"y": 20
},
"id": 68,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P50",
"refId": "E",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P90",
"refId": "F",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P95",
"refId": "G",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload=~\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{source_workload}}.{{source_workload_namespace}} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Response Size By Source",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "decbytes",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 26
},
"id": 80,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"destination\", connection_security_policy!=\"mutual_tls\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Bytes Received from Incoming TCP Connection",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 26
},
"id": 82,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace}} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"destination\", destination_workload_namespace=~\"$namespace\", destination_workload=~\"$workload\", source_workload=~\"$srcwl\", source_workload_namespace=~\"$srcns\"}[1m])) by (source_workload, source_workload_namespace), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ source_workload }}.{{ source_workload_namespace}}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Bytes Sent to Incoming TCP Connection",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"content": "<div class=\"dashboard-header text-center\">\n<span>OUTBOUND SERVICES</span>\n</div>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 32
},
"id": 69,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 0,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 35
},
"id": 70,
"legend": {
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_requests_total{connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} : {{ response_code }} (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "round(sum(irate(istio_requests_total{connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", reporter=\"source\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service, response_code), 0.001)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} : {{ response_code }}",
"refId": "A",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Outgoing Requests by Destination And Response Code",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
"total"
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 35
},
"id": 71,
"legend": {
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\",response_code!~\"5.*\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service) / sum(irate(istio_requests_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[5m])) by (destination_service)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{destination_service }}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Outgoing Success Rate (non-5xx responses) By Destination",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": "1.01",
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 41
},
"id": 72,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "(histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.50, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P50",
"refId": "E",
"step": 2
},
{
"expr": "(histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.90, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P90",
"refId": "F",
"step": 2
},
{
"expr": "(histogram_quantile(0.95, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.95, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P95",
"refId": "G",
"step": 2
},
{
"expr": "(histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le)) / 1000) or histogram_quantile(0.99, sum(irate(istio_request_duration_seconds_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Outgoing Request Duration by Destination",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 8,
"y": 41
},
"id": 73,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "histogram_quantile(0.50, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P50",
"refId": "E",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P90",
"refId": "F",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P95",
"refId": "G",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_request_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Outgoing Request Size By Destination",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "decbytes",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 8,
"x": 16,
"y": 41
},
"id": 74,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P50 (🔐mTLS)",
"refId": "D",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P90 (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P95 (🔐mTLS)",
"refId": "B",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P99 (🔐mTLS)",
"refId": "C",
"step": 2
},
{
"expr": "histogram_quantile(0.50, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P50",
"refId": "E",
"step": 2
},
{
"expr": "histogram_quantile(0.90, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P90",
"refId": "F",
"step": 2
},
{
"expr": "histogram_quantile(0.95, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P95",
"refId": "G",
"step": 2
},
{
"expr": "histogram_quantile(0.99, sum(irate(istio_response_bytes_bucket{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service, le))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} P99",
"refId": "H",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Response Size By Destination",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "decbytes",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 0,
"y": 47
},
"id": 76,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "round(sum(irate(istio_tcp_sent_bytes_total{connection_security_policy!=\"mutual_tls\", reporter=\"source\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ destination_service }}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Bytes Sent on Outgoing TCP Connection",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 12,
"x": 12,
"y": 47
},
"id": 78,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ destination_service }} (🔐mTLS)",
"refId": "A",
"step": 2
},
{
"expr": "round(sum(irate(istio_tcp_received_bytes_total{reporter=\"source\", connection_security_policy!=\"mutual_tls\", source_workload_namespace=~\"$namespace\", source_workload=~\"$workload\", destination_service=~\"$dstsvc\"}[1m])) by (destination_service), 0.001)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ destination_service }}",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Bytes Received from Outgoing TCP Connection",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"refresh": "10s",
"schemaVersion": 16,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"allValue": null,
"current": {},
"datasource": "Prometheus",
"hide": 0,
"includeAll": false,
"label": "Namespace",
"multi": false,
"name": "namespace",
"options": [],
"query": "query_result(sum(istio_requests_total) by (destination_workload_namespace) or sum(istio_tcp_sent_bytes_total) by (destination_workload_namespace))",
"refresh": 1,
"regex": "/.*_namespace=\"([^\"]*).*/",
"sort": 0,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {},
"datasource": "Prometheus",
"hide": 0,
"includeAll": false,
"label": "Workload",
"multi": false,
"name": "workload",
"options": [],
"query": "query_result((sum(istio_requests_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_requests_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)) or (sum(istio_tcp_sent_bytes_total{destination_workload_namespace=~\"$namespace\"}) by (destination_workload) or sum(istio_tcp_sent_bytes_total{source_workload_namespace=~\"$namespace\"}) by (source_workload)))",
"refresh": 1,
"regex": "/.*workload=\"([^\"]*).*/",
"sort": 1,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {},
"datasource": "Prometheus",
"hide": 0,
"includeAll": true,
"label": "Inbound Workload Namespace",
"multi": true,
"name": "srcns",
"options": [],
"query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\"}) by (source_workload_namespace))",
"refresh": 1,
"regex": "/.*namespace=\"([^\"]*).*/",
"sort": 2,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {},
"datasource": "Prometheus",
"hide": 0,
"includeAll": true,
"label": "Inbound Workload",
"multi": true,
"name": "srcwl",
"options": [],
"query": "query_result( sum(istio_requests_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload) or sum(istio_tcp_sent_bytes_total{reporter=\"destination\", destination_workload=\"$workload\", destination_workload_namespace=~\"$namespace\", source_workload_namespace=~\"$srcns\"}) by (source_workload))",
"refresh": 1,
"regex": "/.*workload=\"([^\"]*).*/",
"sort": 3,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {},
"datasource": "Prometheus",
"hide": 0,
"includeAll": true,
"label": "Destination Service",
"multi": true,
"name": "dstsvc",
"options": [],
"query": "query_result( sum(istio_requests_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service) or sum(istio_tcp_sent_bytes_total{reporter=\"source\", source_workload=~\"$workload\", source_workload_namespace=~\"$namespace\"}) by (destination_service))",
"refresh": 1,
"regex": "/.*destination_service=\"([^\"]*).*/",
"sort": 4,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Istio Workload Dashboard",
"uid": "UbsSZTDik",
"version": 1
}
'
---
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-grafana-configuration-dashboards-mixer-dashboard
namespace: istio-system
labels:
app: grafana
release: istio
istio: grafana
data:
mixer-dashboard.json: '{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "5.2.3"
},
{
"type": "panel",
"id": "graph",
"name": "Graph",
"version": "5.0.0"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "5.0.0"
},
{
"type": "panel",
"id": "text",
"name": "Text",
"version": "5.0.0"
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"limit": 100,
"name": "Annotations & Alerts",
"showIn": 0,
"type": "dashboard"
}
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 1,
"id": null,
"iteration": 1543881232533,
"links": [],
"panels": [
{
"content": "<center><h2>Deployed Versions</h2></center>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 0
},
"height": "40",
"id": 62,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 5,
"w": 24,
"x": 0,
"y": 3
},
"id": 64,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(istio_build{component=\"mixer\"}) by (tag)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ tag }}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Mixer Versions",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"content": "<center><h2>Resource Usage</h2></center>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 8
},
"height": "40",
"id": 29,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 0,
"y": 11
},
"id": 5,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(process_virtual_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)",
"format": "time_series",
"instant": false,
"intervalFactor": 2,
"legendFormat": "Virtual Memory ({{ job }})",
"refId": "I"
},
{
"expr": "sum(process_resident_memory_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Resident Memory ({{ job }})",
"refId": "H"
},
{
"expr": "sum(go_memstats_heap_sys_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)",
"format": "time_series",
"hide": true,
"intervalFactor": 2,
"legendFormat": "heap sys ({{ job }})",
"refId": "A"
},
{
"expr": "sum(go_memstats_heap_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)",
"format": "time_series",
"hide": true,
"intervalFactor": 2,
"legendFormat": "heap alloc ({{ job }})",
"refId": "D"
},
{
"expr": "sum(go_memstats_alloc_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Alloc ({{ job }})",
"refId": "F"
},
{
"expr": "sum(go_memstats_heap_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Heap in-use ({{ job }})",
"refId": "E"
},
{
"expr": "sum(go_memstats_stack_inuse_bytes{job=~\"istio-telemetry|istio-policy\"}) by (job)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Stack in-use ({{ job }})",
"refId": "G"
},
{
"expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (service)",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{ service }} total (k8s)",
"refId": "C"
},
{
"expr": "sum(label_replace(container_memory_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{ service }} - {{ container }} (k8s)",
"refId": "B"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Memory",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 6,
"y": 11
},
"id": 6,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{ service }} total (k8s)",
"refId": "A"
},
{
"expr": "label_replace(sum(rate(container_cpu_usage_seconds_total{job=\"kubernetes-cadvisor\",container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}[1m])) by (container, pod), \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{ service }} - {{ container }} (k8s)",
"refId": "B"
},
{
"expr": "sum(irate(process_cpu_seconds_total{job=~\"istio-telemetry|istio-policy\"}[1m])) by (job)",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{ job }} (self-reported)",
"refId": "C"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "CPU",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 12,
"y": 11
},
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(process_open_fds{job=~\"istio-telemetry|istio-policy\"}) by (job)",
"format": "time_series",
"hide": true,
"instant": false,
"interval": "",
"intervalFactor": 2,
"legendFormat": "Open FDs ({{ job }})",
"refId": "A"
},
{
"expr": "sum(label_replace(container_fs_usage_bytes{job=\"kubernetes-cadvisor\", container=~\"mixer|istio-proxy\", pod=~\"istio-telemetry-.*|istio-policy-.*\"}, \"service\", \"$1\" , \"pod\", \"(istio-telemetry|istio-policy)-.*\")) by (container, service)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ service }} - {{ container }}",
"refId": "B"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Disk",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"decimals": null,
"format": "none",
"label": "",
"logBase": 1024,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 18,
"y": 11
},
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(go_goroutines{job=~\"istio-telemetry|istio-policy\"}) by (job)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Number of Goroutines ({{ job }})",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Goroutines",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"content": "<center><h2>Mixer Overview</h2></center>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 18
},
"height": "40px",
"id": 30,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 6,
"x": 0,
"y": 21
},
"id": 9,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(grpc_io_server_completed_rpcs[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "mixer (Total)",
"refId": "B"
},
{
"expr": "sum(rate(grpc_io_server_completed_rpcs[1m])) by (grpc_server_method)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "mixer ({{ grpc_server_method }})",
"refId": "C"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Incoming Requests",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 6,
"x": 6,
"y": 21
},
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "{}",
"yaxis": 1
}
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.5, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ grpc_server_method }} 0.5",
"refId": "B"
},
{
"expr": "histogram_quantile(0.9, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ grpc_server_method }} 0.9",
"refId": "C"
},
{
"expr": "histogram_quantile(0.99, sum(rate(grpc_io_server_server_latency_bucket{}[1m])) by (grpc_server_method, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ grpc_server_method }} 0.99",
"refId": "D"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Response Durations",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "ms",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 6,
"x": 12,
"y": 21
},
"id": 11,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(grpc_server_handled_total{grpc_code=~\"Unknown|Unimplemented|Internal|DataLoss\"}[1m])) by (grpc_method)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Mixer {{ grpc_method }}",
"refId": "B"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Server Error Rate (5xx responses)",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 6,
"w": 6,
"x": 18,
"y": 21
},
"id": 12,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(grpc_server_handled_total{grpc_code!=\"OK\",grpc_service=~\".*Mixer\"}[1m])) by (grpc_method)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Mixer {{ grpc_method }}",
"refId": "B"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Non-successes (4xxs)",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"content": "<center><h2>Adapters and Config</h2></center>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 27
},
"id": 28,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 30
},
"id": 13,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m])) by (adapter)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ adapter }}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Adapter Dispatch Count",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 30
},
"id": 14,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.5, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ adapter }} - p50",
"refId": "A"
},
{
"expr": "histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ adapter }} - p90 ",
"refId": "B"
},
{
"expr": "histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (adapter, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ adapter }} - p99",
"refId": "C"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Adapter Dispatch Duration",
"tooltip": {
"shared": true,
"sort": 1,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 0,
"y": 37
},
"id": 60,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "scalar(topk(1, max(mixer_config_rule_config_count) by (configID)))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Rules",
"refId": "A"
},
{
"expr": "scalar(topk(1, max(mixer_config_rule_config_error_count) by (configID)))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Config Errors",
"refId": "B"
},
{
"expr": "scalar(topk(1, max(mixer_config_rule_config_match_error_count) by (configID)))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Match Errors",
"refId": "C"
},
{
"expr": "scalar(topk(1, max(mixer_config_unsatisfied_action_handler_count) by (configID)))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Unsatisfied Actions",
"refId": "D"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Rules",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 6,
"y": 37
},
"id": 56,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "scalar(topk(1, max(mixer_config_instance_config_count) by (configID)))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Instances",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Instances in Latest Config",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 12,
"y": 37
},
"id": 54,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "scalar(topk(1, max(mixer_config_handler_config_count) by (configID)))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Handlers",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Handlers in Latest Config",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 18,
"y": 37
},
"id": 58,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "scalar(topk(1, max(mixer_config_attribute_count) by (configID)))",
"format": "time_series",
"instant": false,
"intervalFactor": 1,
"legendFormat": "Attributes",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Attributes in Latest Config",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"content": "<center><h2>Individual Adapters</h2></center>",
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 44
},
"id": 23,
"links": [],
"mode": "html",
"title": "",
"transparent": true,
"type": "text"
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 47
},
"id": 46,
"panels": [],
"repeat": "adapter",
"title": "$adapter Adapter",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 48
},
"id": 17,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "label_replace(irate(mixer_runtime_dispatches_total{adapter=~\"$adapter\"}[1m]),\"handler\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ handler }} (error: {{ error }})",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Dispatch Count By Handler",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 48
},
"id": 18,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "label_replace(histogram_quantile(0.5, sum(rate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "p50 - {{ handler_short }} (error: {{ error }})",
"refId": "A"
},
{
"expr": "label_replace(histogram_quantile(0.9, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "p90 - {{ handler_short }} (error: {{ error }})",
"refId": "D"
},
{
"expr": "label_replace(histogram_quantile(0.99, sum(irate(mixer_runtime_dispatch_duration_seconds_bucket{adapter=~\"$adapter\"}[1m])) by (handler, error, le)), \"handler_short\", \"$1 ($3)\", \"handler\", \"(.*)\\\\.(.*)\\\\.(.*)\")",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "p99 - {{ handler_short }} (error: {{ error }})",
"refId": "E"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Dispatch Duration By Handler",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": "5s",
"schemaVersion": 16,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"allValue": null,
"current": {},
"datasource": "Prometheus",
"hide": 0,
"includeAll": true,
"label": "Adapter",
"multi": true,
"name": "adapter",
"options": [],
"query": "label_values(adapter)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Istio Mixer Dashboard",
"version": 4
}
'
---
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-grafana-configuration-dashboards-pilot-dashboard
namespace: istio-system
labels:
app: grafana
release: istio
istio: grafana
data:
pilot-dashboard.json: '{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 1,
"links": [],
"panels": [
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 60,
"panels": [],
"title": "Deployed Versions",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 5,
"w": 24,
"x": 0,
"y": 1
},
"id": 56,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(istio_build{component=\"pilot\"}) by (tag)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ tag }}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Pilot Versions",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 6
},
"id": 62,
"panels": [],
"title": "Resource Usage",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 0,
"y": 7
},
"id": 5,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_virtual_memory_bytes{app=\"istiod\"}",
"format": "time_series",
"instant": false,
"intervalFactor": 2,
"legendFormat": "Virtual Memory",
"refId": "I",
"step": 2
},
{
"expr": "process_resident_memory_bytes{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Resident Memory",
"refId": "H",
"step": 2
},
{
"expr": "go_memstats_heap_sys_bytes{app=\"istiod\"}",
"format": "time_series",
"hide": true,
"intervalFactor": 2,
"legendFormat": "heap sys",
"refId": "A"
},
{
"expr": "go_memstats_heap_alloc_bytes{app=\"istiod\"}",
"format": "time_series",
"hide": true,
"intervalFactor": 2,
"legendFormat": "heap alloc",
"refId": "D"
},
{
"expr": "go_memstats_alloc_bytes{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Alloc",
"refId": "F",
"step": 2
},
{
"expr": "go_memstats_heap_inuse_bytes{app=\"istiod\"}",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Heap in-use",
"refId": "E",
"step": 2
},
{
"expr": "go_memstats_stack_inuse_bytes{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Stack in-use",
"refId": "G",
"step": 2
},
{
"expr": "container_memory_usage_bytes{container=~\"discovery\", pod=~\"istiod-.*|istio-pilot-.*\"}",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Discovery (container)",
"refId": "B",
"step": 2
},
{
"expr": "container_memory_usage_bytes{container=~\"istio-proxy\", pod=~\"istiod-.*|istio-pilot-.*\"}",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Sidecar (container)",
"refId": "C"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Memory",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 6,
"y": 7
},
"id": 6,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_cpu_usage_seconds_total{container=\"discovery\", pod=~\"istiod-.*|istio-pilot-.*\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Discovery (container)",
"refId": "A"
},
{
"expr": "irate(process_cpu_seconds_total{app=\"istiod\"}[1m])",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Discovery (process)",
"refId": "C",
"step": 2
},
{
"expr": "sum(irate(container_cpu_usage_seconds_total{container=\"istio-proxy\", pod=~\"istiod-.*|istio-pilot-.*\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 2,
"legendFormat": "Sidecar (container)",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "CPU",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 12,
"y": 7
},
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "container_fs_usage_bytes{container=\"discovery\", pod=~\"istiod-.*|istio-pilot-.*\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Discovery",
"refId": "B",
"step": 2
},
{
"expr": "container_fs_usage_bytes{container=\"istio-proxy\", pod=~\"istiod-.*|istio-pilot-.*\"}",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Sidecar",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Disk",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"decimals": null,
"format": "none",
"label": "",
"logBase": 1024,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 7,
"w": 6,
"x": 18,
"y": 7
},
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "go_goroutines{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Number of Goroutines",
"refId": "A",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Goroutines",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 14
},
"id": 58,
"panels": [],
"title": "Pilot Push Information",
"type": "row"
},
{
"aliasColors": {},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "Shows the rate of pilot pushes",
"fill": 1,
"gridPos": {
"h": 8,
"w": 8,
"x": 0,
"y": 15
},
"id": 622,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": false,
"linewidth": 1,
"links": [],
"nullPointMode": "null as zero",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(pilot_xds_pushes{type=\"cds\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Cluster",
"refId": "C"
},
{
"expr": "sum(irate(pilot_xds_pushes{type=\"eds\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Endpoints",
"refId": "D"
},
{
"expr": "sum(irate(pilot_xds_pushes{type=\"lds\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Listeners",
"refId": "A"
},
{
"expr": "sum(irate(pilot_xds_pushes{type=\"rds\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Routes",
"refId": "E"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Pilot Pushes",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
"total"
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "Captures a variety of pilot errors",
"fill": 1,
"gridPos": {
"h": 8,
"w": 8,
"x": 8,
"y": 15
},
"id": 67,
"legend": {
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(pilot_xds_cds_reject{app=\"istiod\"}) or (absent(pilot_xds_cds_reject{app=\"istiod\"}) - 1)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Rejected CDS Configs",
"refId": "C"
},
{
"expr": "sum(pilot_xds_eds_reject{app=\"istiod\"}) or (absent(pilot_xds_eds_reject{app=\"istiod\"}) - 1)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Rejected EDS Configs",
"refId": "D"
},
{
"expr": "sum(pilot_xds_rds_reject{app=\"istiod\"}) or (absent(pilot_xds_rds_reject{app=\"istiod\"}) - 1)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Rejected RDS Configs",
"refId": "A"
},
{
"expr": "sum(pilot_xds_lds_reject{app=\"istiod\"}) or (absent(pilot_xds_lds_reject{app=\"istiod\"}) - 1)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Rejected LDS Configs",
"refId": "B"
},
{
"expr": "sum(rate(pilot_xds_write_timeout{app=\"istiod\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Write Timeouts",
"refId": "F"
},
{
"expr": "sum(rate(pilot_total_xds_internal_errors{app=\"istiod\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Internal Errors",
"refId": "H"
},
{
"expr": "sum(rate(pilot_total_xds_rejects{app=\"istiod\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Config Rejection Rate",
"refId": "E"
},
{
"expr": "sum(rate(pilot_xds_push_context_errors{app=\"istiod\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Push Context Errors",
"refId": "K"
},
{
"expr": "sum(rate(pilot_xds_pushes{type!~\"lds|cds|rds|eds\"}[1m])) by (type)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Push Errors ({{ type }})",
"refId": "L"
},
{
"expr": "sum(rate(pilot_xds_push_errors{app=\"istiod\"}[1m])) by (type)",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Push Errors ({{ type }})",
"refId": "I"
},
{
"expr": "sum(rate(pilot_xds_push_timeout{app=\"istiod\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Push Timeouts",
"refId": "G"
},
{
"expr": "sum(rate(pilot_xds_push_timeout_failures{app=\"istiod\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Push Timeouts Failures",
"refId": "J"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Pilot Errors",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "Shows the total time it takes to push a config update to a proxy",
"fill": 1,
"gridPos": {
"h": 8,
"w": 8,
"x": 16,
"y": 15
},
"id": 624,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.5, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "p50 ",
"refId": "A"
},
{
"expr": "histogram_quantile(0.9, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "p90",
"refId": "B"
},
{
"expr": "histogram_quantile(0.99, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "p99",
"refId": "C"
},
{
"expr": "histogram_quantile(0.999, sum(rate(pilot_proxy_convergence_time_bucket[1m])) by (le))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "p99.9",
"refId": "D"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Proxy Push Time",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 8,
"w": 8,
"x": 0,
"y": 23
},
"id": 45,
"legend": {
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "pilot_conflict_inbound_listener{app=\"istiod\"}",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Inbound Listeners",
"refId": "B"
},
{
"expr": "pilot_conflict_outbound_listener_http_over_current_tcp{app=\"istiod\"}",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Outbound Listeners (http over current tcp)",
"refId": "A"
},
{
"expr": "pilot_conflict_outbound_listener_tcp_over_current_tcp{app=\"istiod\"}",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Outbound Listeners (tcp over current tcp)",
"refId": "C"
},
{
"expr": "pilot_conflict_outbound_listener_tcp_over_current_http{app=\"istiod\"}",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "Outbound Listeners (tcp over current http)",
"refId": "D"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Conflicts",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 8,
"w": 8,
"x": 8,
"y": 23
},
"id": 47,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "pilot_virt_services{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Virtual Services",
"refId": "A"
},
{
"expr": "pilot_services{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Services",
"refId": "B"
},
{
"expr": "pilot_xds{app=\"istiod\"}",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Connected Endpoints",
"refId": "E"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "ADS Monitoring",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"columns": [],
"datasource": "Prometheus",
"description": "Clusters in this table do not have any endpoints known to pilot. This could be from referencing subsets that do not have any instances, or pods marked as NotReady",
"fontSize": "100%",
"gridPos": {
"h": 8,
"w": 8,
"x": 16,
"y": 23
},
"id": 51,
"links": [],
"pageSize": null,
"scroll": true,
"showHeader": true,
"sort": {
"col": null,
"desc": false
},
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "date"
},
{
"alias": "Clusters",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"decimals": 2,
"pattern": "/.*/",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(pilot_xds_eds_instances{app=\"istiod\", cluster=~\".+\\\\|.+\"}) by (cluster) < 1",
"format": "time_series",
"hide": false,
"instant": true,
"intervalFactor": 1,
"legendFormat": "{{cluster}}",
"refId": "B"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Clusters with no known endpoints",
"transform": "timeseries_aggregations",
"type": "table"
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 31
},
"id": 64,
"panels": [],
"title": "Envoy Information",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "Shows details about Envoy proxies in the mesh",
"fill": 1,
"gridPos": {
"h": 8,
"w": 8,
"x": 0,
"y": 32
},
"id": 40,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(envoy_cluster_upstream_cx_total{cluster_name=\"xds-grpc\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "XDS Connections",
"refId": "C"
},
{
"expr": "sum(irate(envoy_cluster_upstream_cx_connect_fail{cluster_name=\"xds-grpc\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "XDS Connection Failures",
"refId": "A"
},
{
"expr": "sum(increase(envoy_server_hot_restart_epoch[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Envoy Restarts",
"refId": "B"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Envoy Details",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"fill": 1,
"gridPos": {
"h": 8,
"w": 8,
"x": 8,
"y": 32
},
"id": 41,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(envoy_cluster_upstream_cx_active{cluster_name=\"xds-grpc\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "XDS Active Connections",
"refId": "C",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "XDS Active Connections",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "Shows the size of XDS requests and responses",
"fill": 1,
"gridPos": {
"h": 8,
"w": 8,
"x": 16,
"y": 32
},
"id": 42,
"legend": {
"avg": false,
"current": false,
"hideEmpty": false,
"hideZero": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "max(rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "XDS Response Bytes Max",
"refId": "D"
},
{
"expr": "quantile(0.5, rate(envoy_cluster_upstream_cx_rx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
"legendFormat": "XDS Response Bytes Average",
"refId": "B"
},
{
"expr": "max(rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "XDS Request Bytes Max",
"refId": "A"
},
{
"expr": "quantile(.5, rate(envoy_cluster_upstream_cx_tx_bytes_total{cluster_name=\"xds-grpc\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "XDS Request Bytes Average",
"refId": "C"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "XDS Requests Size",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"collapsed": false,
"datasource": null,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 40
},
"id": 626,
"panels": [],
"title": "Webhooks",
"type": "row"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": null,
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 41
},
"hiddenSeries": false,
"id": 629,
"legend": {
"avg": false,
"current": false,
"hideEmpty": false,
"hideZero": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"dataLinks": []
},
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(galley_validation_passed[1m]))",
"interval": "",
"legendFormat": "Validations (Success)",
"refId": "A"
},
{
"expr": "sum(rate(galley_validation_failed[1m]))",
"interval": "",
"legendFormat": "Validation (Failure)",
"refId": "B"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Configuration Validation",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": null,
"description": "",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 41
},
"hiddenSeries": false,
"id": 630,
"legend": {
"avg": false,
"current": false,
"hideZero": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"dataLinks": []
},
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(sidecar_injection_success_total[1m]))",
"interval": "",
"legendFormat": "Injections (Success)",
"refId": "A"
},
{
"expr": "sum(rate(sidecar_injection_failure_total[1m]))",
"interval": "",
"legendFormat": "Injections (Failure)",
"refId": "B"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Sidecar Injection",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": "5s",
"schemaVersion": 18,
"style": "dark",
"tags": [],
"templating": {
"list": []
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "browser",
"title": "Istio Control Plane Dashboard",
"uid": "3--MLVZZk",
"version": 11
}'
---
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-grafana
namespace: istio-system
labels:
app: grafana
release: istio
istio: grafana
data:
datasources.yaml: |
apiVersion: 1
datasources:
- access: proxy
editable: true
isDefault: true
jsonData:
timeInterval: 5s
name: Prometheus
orgId: 1
type: prometheus
url: http://prometheus:9090
dashboardproviders.yaml: |
apiVersion: 1
providers:
- disableDeletion: false
folder: istio
name: istio
options:
path: /var/lib/grafana/dashboards/istio
orgId: 1
type: file
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: grafana
release: istio
name: grafana
namespace: istio-system
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
app: grafana
chart: grafana
heritage: Tiller
release: istio-system
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- env:
- name: GRAFANA_PORT
value: "3000"
- name: GF_AUTH_BASIC_ENABLED
value: "false"
- name: GF_AUTH_ANONYMOUS_ENABLED
value: "true"
- name: GF_AUTH_ANONYMOUS_ORG_ROLE
value: Admin
- name: GF_PATHS_DATA
value: /data/grafana
image: grafana/grafana:6.7.4
name: grafana
ports:
- containerPort: 3000
readinessProbe:
httpGet:
path: /api/health
port: 3000
resources:
requests:
cpu: 10m
volumeMounts:
- mountPath: /data/grafana
name: data
- mountPath: /var/lib/grafana/dashboards/istio/istio-mesh-dashboard.json
name: dashboards-istio-istio-mesh-dashboard
readOnly: true
subPath: istio-mesh-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/istio-performance-dashboard.json
name: dashboards-istio-istio-performance-dashboard
readOnly: true
subPath: istio-performance-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/istio-service-dashboard.json
name: dashboards-istio-istio-service-dashboard
readOnly: true
subPath: istio-service-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/istio-workload-dashboard.json
name: dashboards-istio-istio-workload-dashboard
readOnly: true
subPath: istio-workload-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/mixer-dashboard.json
name: dashboards-istio-mixer-dashboard
readOnly: true
subPath: mixer-dashboard.json
- mountPath: /var/lib/grafana/dashboards/istio/pilot-dashboard.json
name: dashboards-istio-pilot-dashboard
readOnly: true
subPath: pilot-dashboard.json
- mountPath: /etc/grafana/provisioning/datasources/datasources.yaml
name: config
subPath: datasources.yaml
- mountPath: /etc/grafana/provisioning/dashboards/dashboardproviders.yaml
name: config
subPath: dashboardproviders.yaml
securityContext:
fsGroup: 472
runAsUser: 472
volumes:
- configMap:
name: istio-grafana
name: config
- emptyDir: {}
name: data
- configMap:
name: istio-grafana-configuration-dashboards-istio-mesh-dashboard
name: dashboards-istio-istio-mesh-dashboard
- configMap:
name: istio-grafana-configuration-dashboards-istio-performance-dashboard
name: dashboards-istio-istio-performance-dashboard
- configMap:
name: istio-grafana-configuration-dashboards-istio-service-dashboard
name: dashboards-istio-istio-service-dashboard
- configMap:
name: istio-grafana-configuration-dashboards-istio-workload-dashboard
name: dashboards-istio-istio-workload-dashboard
- configMap:
name: istio-grafana-configuration-dashboards-mixer-dashboard
name: dashboards-istio-mixer-dashboard
- configMap:
name: istio-grafana-configuration-dashboards-pilot-dashboard
name: dashboards-istio-pilot-dashboard
---
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: grafana-ports-mtls-disabled
namespace: istio-system
labels:
app: grafana
release: istio
spec:
selector:
matchLabels:
app: grafana
portLevelMtls:
3000:
mode: DISABLE
---
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: istio-system
annotations:
labels:
app: grafana
release: istio
spec:
type: ClusterIP
ports:
- port: 3000
targetPort: 3000
protocol: TCP
name: http
selector:
app: grafana
---
---
# AddonComponents istiocoredns component is disabled.
---
# AddonComponents kiali component is disabled.
---
# Resources for AddonComponents prometheus component
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus-istio-system
labels:
app: prometheus
release: istio
rules:
- apiGroups: [""]
resources:
- nodes
- services
- endpoints
- pods
- nodes/proxy
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources:
- configmaps
verbs: ["get"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus-istio-system
labels:
app: prometheus
release: istio
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus-istio-system
subjects:
- kind: ServiceAccount
name: prometheus
namespace: istio-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus
namespace: istio-system
labels:
app: prometheus
release: istio
data:
prometheus.yml: |-
global:
scrape_interval: 15s
scrape_configs:
# Mixer scrapping. Defaults to Prometheus and mixer on same namespace.
- job_name: 'istio-mesh'
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- istio-system
relabel_configs:
- source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: istio-telemetry;prometheus
# Scrape config for envoy stats
- job_name: 'envoy-stats'
metrics_path: /stats/prometheus
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_container_port_name]
action: keep
regex: '.*-envoy-prom'
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:15090
target_label: __address__
- action: labeldrop
regex: __meta_kubernetes_pod_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: pod_name
- job_name: 'istio-policy'
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- istio-system
relabel_configs:
- source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: istio-policy;http-policy-monitoring
- job_name: 'istio-telemetry'
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- istio-system
relabel_configs:
- source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: istio-telemetry;http-monitoring
- job_name: 'pilot'
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- istio-system
relabel_configs:
- source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: istiod;http-monitoring
- source_labels: [__meta_kubernetes_service_label_app]
target_label: app
- job_name: 'galley'
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- istio-system
relabel_configs:
- source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: istio-galley;http-monitoring
- job_name: 'citadel'
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- istio-system
relabel_configs:
- source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: istio-citadel;http-monitoring
- job_name: 'sidecar-injector'
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- istio-system
relabel_configs:
- source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: istio-sidecar-injector;http-monitoring
# scrape config for API servers
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- default
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: kubernetes;https
# scrape config for nodes (kubelet)
- job_name: 'kubernetes-nodes'
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- target_label: __address__
replacement: kubernetes.default.svc:443
- source_labels: [__meta_kubernetes_node_name]
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/${1}/proxy/metrics
# Scrape config for Kubelet cAdvisor.
#
# This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics
# (those whose names begin with 'container_') have been removed from the
# Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to
# retrieve those metrics.
#
# In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor
# HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics"
# in that case (and ensure cAdvisor's HTTP server hasn't been disabled with
# the --cadvisor-port=0 Kubelet flag).
#
# This job is not necessary and should be removed in Kubernetes 1.6 and
# earlier versions, or it will cause the metrics to be scraped twice.
- job_name: 'kubernetes-cadvisor'
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- target_label: __address__
replacement: kubernetes.default.svc:443
- source_labels: [__meta_kubernetes_node_name]
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
# scrape config for service endpoints.
- job_name: 'kubernetes-service-endpoints'
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
action: replace
target_label: __scheme__
regex: (https?)
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
action: replace
target_label: __address__
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
action: replace
target_label: kubernetes_name
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job.
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status]
action: drop
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_istio_mtls]
action: drop
regex: (true)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: pod_name
- job_name: 'kubernetes-pods-istio-secure'
scheme: https
tls_config:
ca_file: /etc/istio-certs/root-cert.pem
cert_file: /etc/istio-certs/cert-chain.pem
key_file: /etc/istio-certs/key.pem
insecure_skip_verify: true # prometheus does not support secure naming.
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
# sidecar status annotation is added by sidecar injector and
# istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic.
- source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls]
action: keep
regex: (([^;]+);([^;]*))|(([^;]*);(true))
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__] # Only keep address that is host:port
action: keep # otherwise an extra target with ':443' is added for https scheme
regex: ([^:]+):(\d+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: pod_name
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: prometheus
release: istio
name: prometheus
namespace: istio-system
spec:
replicas: 1
selector:
matchLabels:
app: prometheus
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
app: prometheus
release: istio
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- --storage.tsdb.retention=6h
- --config.file=/etc/prometheus/prometheus.yml
image: docker.io/prom/prometheus:v2.15.1
livenessProbe:
httpGet:
path: /-/healthy
port: 9090
name: prometheus
ports:
- containerPort: 9090
name: http
readinessProbe:
httpGet:
path: /-/ready
port: 9090
resources:
requests:
cpu: 10m
volumeMounts:
- mountPath: /etc/prometheus
name: config-volume
- mountPath: /etc/istio-certs
name: istio-certs
- args:
- proxy
- sidecar
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- istio-proxy-prometheus
- --proxyLogLevel=warning
- --proxyComponentLogLevel=misc:error
- --controlPlaneAuthPolicy
- NONE
- --trust-domain=cluster.local
env:
- name: OUTPUT_CERTS
value: /etc/istio-certs
- name: JWT_POLICY
value: third-party-jwt
- name: PILOT_CERT_PROVIDER
value: istiod
- name: CA_ADDR
value: istiod.istio-system.svc:15012
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: ISTIO_META_MESH_ID
value: cluster.local
- name: ISTIO_META_CLUSTER_ID
value: Kubernetes
image: docker.io/istio/proxyv2:1.6.3
imagePullPolicy: Always
name: istio-proxy
ports:
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
readinessProbe:
failureThreshold: 30
httpGet:
path: /healthz/ready
port: 15020
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
volumeMounts:
- mountPath: /var/run/secrets/istio
name: istiod-ca-cert
- mountPath: /etc/istio/proxy
name: istio-envoy
- mountPath: /var/run/secrets/tokens
name: istio-token
- mountPath: /etc/istio-certs/
name: istio-certs
- mountPath: /etc/istio/config
name: istio-config-volume
serviceAccountName: prometheus
volumes:
- configMap:
name: istio
optional: true
name: istio-config-volume
- configMap:
name: prometheus
name: config-volume
- emptyDir:
medium: Memory
name: istio-certs
- emptyDir:
medium: Memory
name: istio-envoy
- name: istio-token
projected:
defaultMode: 420
sources:
- serviceAccountToken:
audience: istio-ca
expirationSeconds: 43200
path: istio-token
- configMap:
defaultMode: 420
name: istio-ca-root-cert
name: istiod-ca-cert
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
namespace: istio-system
annotations:
prometheus.io/scrape: 'true'
labels:
app: prometheus
release: istio
spec:
selector:
app: prometheus
ports:
- name: http-prometheus
protocol: TCP
port: 9090
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus
namespace: istio-system
labels:
app: prometheus
release: istio
---
---
# Resources for AddonComponents tracing component
apiVersion: apps/v1
kind: Deployment
metadata:
name: istio-tracing
namespace: istio-system
labels:
app: jaeger
release: istio
spec:
selector:
matchLabels:
app: jaeger
template:
metadata:
labels:
app: jaeger
release: istio
annotations:
sidecar.istio.io/inject: "false"
prometheus.io/scrape: "true"
prometheus.io/port: "14269"
spec:
containers:
- name: jaeger
image: "docker.io/jaegertracing/all-in-one:1.16"
ports:
- containerPort: 9411
- containerPort: 16686
- containerPort: 14250
- containerPort: 14267
- containerPort: 14268
- containerPort: 14269
- containerPort: 5775
protocol: UDP
- containerPort: 6831
protocol: UDP
- containerPort: 6832
protocol: UDP
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: BADGER_EPHEMERAL
value: "false"
- name: SPAN_STORAGE_TYPE
value: "badger"
- name: BADGER_DIRECTORY_VALUE
value: "/badger/data"
- name: BADGER_DIRECTORY_KEY
value: "/badger/key"
- name: COLLECTOR_ZIPKIN_HTTP_PORT
value: "9411"
- name: MEMORY_MAX_TRACES
value: "50000"
- name: QUERY_BASE_PATH
value: /jaeger
livenessProbe:
httpGet:
path: /
port: 14269
readinessProbe:
httpGet:
path: /
port: 14269
volumeMounts:
- name: data
mountPath: /badger
resources:
requests:
cpu: 10m
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- "amd64"
- "ppc64le"
- "s390x"
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 2
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- "amd64"
- weight: 2
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- "ppc64le"
- weight: 2
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- "s390x"
volumes:
- name: data
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-query
namespace: istio-system
annotations:
labels:
app: jaeger
jaeger-infra: jaeger-service
release: istio
spec:
ports:
- name: query-http
port: 16686
protocol: TCP
targetPort: 16686
selector:
app: jaeger
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-collector
namespace: istio-system
labels:
app: jaeger
jaeger-infra: collector-service
release: istio
spec:
ports:
- name: jaeger-collector-tchannel
port: 14267
protocol: TCP
targetPort: 14267
- name: jaeger-collector-http
port: 14268
targetPort: 14268
protocol: TCP
- name: jaeger-collector-grpc
port: 14250
targetPort: 14250
protocol: TCP
selector:
app: jaeger
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-collector-headless
namespace: istio-system
labels:
app: jaeger
jaeger-infra: collector-service
release: istio
spec:
ports:
- name: jaeger-collector-grpc
port: 14250
targetPort: 14250
protocol: TCP
selector:
app: jaeger
clusterIP: None
---
apiVersion: v1
kind: Service
metadata:
name: jaeger-agent
namespace: istio-system
labels:
app: jaeger
jaeger-infra: agent-service
release: istio
spec:
ports:
- name: agent-zipkin-thrift
port: 5775
protocol: UDP
targetPort: 5775
- name: agent-compact
port: 6831
protocol: UDP
targetPort: 6831
- name: agent-binary
port: 6832
protocol: UDP
targetPort: 6832
clusterIP: None
selector:
app: jaeger
---
apiVersion: v1
kind: Service
metadata:
name: zipkin
namespace: istio-system
labels:
app: jaeger
release: istio
spec:
ports:
- port: 9411
targetPort: 9411
protocol: TCP
name: http-query
selector:
app: jaeger
---
apiVersion: v1
kind: Service
metadata:
name: tracing
namespace: istio-system
annotations:
labels:
app: jaeger
release: istio
spec:
type: ClusterIP
ports:
- name: http-query
port: 80
protocol: TCP
targetPort: 16686
selector:
app: jaeger
---
# Resources for Base component
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: istiod-istio-system
labels:
app: istiod
release: istio
rules:
# sidecar injection controller
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations"]
verbs: ["get", "list", "watch", "patch"]
# configuration validation webhook controller
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["validatingwebhookconfigurations"]
verbs: ["get", "list", "watch", "update"]
# permissions to verify the webhook is ready and rejecting
# invalid config. We use --server-dry-run so no config is persisted.
- apiGroups: ["networking.istio.io"]
verbs: ["create"]
resources: ["gateways"]
# istio configuration
- apiGroups: ["config.istio.io", "rbac.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"]
verbs: ["get", "watch", "list"]
resources: ["*"]
# auto-detect installed CRD definitions
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch"]
# discovery and routing
- apiGroups: ["extensions","apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods", "nodes", "services", "namespaces", "endpoints"]
verbs: ["get", "list", "watch"]
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]
# ingress controller
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses", "ingressclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses/status"]
verbs: ["*"]
# required for CA's namespace controller
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create", "get", "list", "watch", "update"]
# Istiod and bootstrap.
- apiGroups: ["certificates.k8s.io"]
resources:
- "certificatesigningrequests"
- "certificatesigningrequests/approval"
- "certificatesigningrequests/status"
verbs: ["update", "create", "get", "delete", "watch"]
- apiGroups: ["certificates.k8s.io"]
resources:
- "signers"
resourceNames:
- "kubernetes.io/legacy-unknown"
verbs: ["approve"]
# Used by Istiod to verify the JWT tokens
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]
# TODO: remove, no longer needed at cluster
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create", "get", "watch", "list", "update", "delete"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get", "watch", "list"]
# Use for Kubernetes Service APIs
- apiGroups: ["networking.x.k8s.io"]
resources: ["*"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: istio-reader-istio-system
labels:
app: istio-reader
release: istio
rules:
- apiGroups:
- "config.istio.io"
- "rbac.istio.io"
- "security.istio.io"
- "networking.istio.io"
- "authentication.istio.io"
resources: ["*"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: istio-reader-istio-system
labels:
app: istio-reader
release: istio
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: istio-reader-istio-system
subjects:
- kind: ServiceAccount
name: istio-reader-service-account
namespace: istio-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: istiod-pilot-istio-system
labels:
app: pilot
release: istio
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: istiod-istio-system
subjects:
- kind: ServiceAccount
name: istiod-service-account
namespace: istio-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: istio-reader-service-account
namespace: istio-system
labels:
app: istio-reader
release: istio
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: istiod-service-account
namespace: istio-system
labels:
app: istiod
release: istio
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: istiod-istio-system
labels:
app: istiod
release: istio
istio: istiod
webhooks:
- name: validation.istio.io
clientConfig:
service:
name: istiod
namespace: istio-system
path: "/validate"
caBundle: "" # patched at runtime when the webhook is ready.
rules:
- operations:
- CREATE
- UPDATE
apiGroups:
- config.istio.io
- rbac.istio.io
- security.istio.io
- authentication.istio.io
- networking.istio.io
apiVersions:
- "*"
resources:
- "*"
# Fail open until the validation webhook is ready. The webhook controller
# will update this to `Fail` and patch in the `caBundle` when the webhook
# endpoint is ready.
failurePolicy: Ignore
sideEffects: None
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-mixer
chart: istio
heritage: Tiller
release: istio
name: httpapispecs.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- apim-istio-io
kind: HTTPAPISpec
listKind: HTTPAPISpecList
plural: httpapispecs
singular: httpapispec
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
properties:
api_keys:
items:
oneOf:
- not:
anyOf:
- required:
- query
- required:
- header
- required:
- cookie
- required:
- query
- required:
- header
- required:
- cookie
properties:
cookie:
format: string
type: string
header:
description: API key is sent in a request header.
format: string
type: string
query:
description: API Key is sent as a query parameter.
format: string
type: string
type: object
type: array
apiKeys:
items:
oneOf:
- not:
anyOf:
- required:
- query
- required:
- header
- required:
- cookie
- required:
- query
- required:
- header
- required:
- cookie
properties:
cookie:
format: string
type: string
header:
description: API key is sent in a request header.
format: string
type: string
query:
description: API Key is sent as a query parameter.
format: string
type: string
type: object
type: array
attributes:
properties:
attributes:
additionalProperties:
oneOf:
- not:
anyOf:
- required:
- stringValue
- required:
- int64Value
- required:
- doubleValue
- required:
- boolValue
- required:
- bytesValue
- required:
- timestampValue
- required:
- durationValue
- required:
- stringMapValue
- required:
- stringValue
- required:
- int64Value
- required:
- doubleValue
- required:
- boolValue
- required:
- bytesValue
- required:
- timestampValue
- required:
- durationValue
- required:
- stringMapValue
properties:
boolValue:
type: boolean
bytesValue:
format: binary
type: string
doubleValue:
format: double
type: number
durationValue:
type: string
int64Value:
format: int64
type: integer
stringMapValue:
properties:
entries:
additionalProperties:
format: string
type: string
description: Holds a set of name/value pairs.
type: object
type: object
stringValue:
format: string
type: string
timestampValue:
format: dateTime
type: string
type: object
description: A map of attribute name to its value.
type: object
type: object
patterns:
description: List of HTTP patterns to match.
items:
oneOf:
- not:
anyOf:
- required:
- uriTemplate
- required:
- regex
- required:
- uriTemplate
- required:
- regex
properties:
attributes:
properties:
attributes:
additionalProperties:
oneOf:
- not:
anyOf:
- required:
- stringValue
- required:
- int64Value
- required:
- doubleValue
- required:
- boolValue
- required:
- bytesValue
- required:
- timestampValue
- required:
- durationValue
- required:
- stringMapValue
- required:
- stringValue
- required:
- int64Value
- required:
- doubleValue
- required:
- boolValue
- required:
- bytesValue
- required:
- timestampValue
- required:
- durationValue
- required:
- stringMapValue
properties:
boolValue:
type: boolean
bytesValue:
format: binary
type: string
doubleValue:
format: double
type: number
durationValue:
type: string
int64Value:
format: int64
type: integer
stringMapValue:
properties:
entries:
additionalProperties:
format: string
type: string
description: Holds a set of name/value pairs.
type: object
type: object
stringValue:
format: string
type: string
timestampValue:
format: dateTime
type: string
type: object
description: A map of attribute name to its value.
type: object
type: object
httpMethod:
format: string
type: string
regex:
format: string
type: string
uriTemplate:
format: string
type: string
type: object
type: array
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha2
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-mixer
chart: istio
heritage: Tiller
release: istio
name: httpapispecbindings.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- apim-istio-io
kind: HTTPAPISpecBinding
listKind: HTTPAPISpecBindingList
plural: httpapispecbindings
singular: httpapispecbinding
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
properties:
api_specs:
items:
properties:
name:
description: The short name of the HTTPAPISpec.
format: string
type: string
namespace:
description: Optional namespace of the HTTPAPISpec.
format: string
type: string
type: object
type: array
apiSpecs:
items:
properties:
name:
description: The short name of the HTTPAPISpec.
format: string
type: string
namespace:
description: Optional namespace of the HTTPAPISpec.
format: string
type: string
type: object
type: array
services:
description: One or more services to map the listed HTTPAPISpec onto.
items:
properties:
domain:
description: Domain suffix used to construct the service FQDN
in implementations that support such specification.
format: string
type: string
labels:
additionalProperties:
format: string
type: string
description: Optional one or more labels that uniquely identify
the service version.
type: object
name:
description: The short name of the service such as "foo".
format: string
type: string
namespace:
description: Optional namespace of the service.
format: string
type: string
service:
description: The service FQDN.
format: string
type: string
type: object
type: array
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha2
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-mixer
chart: istio
heritage: Tiller
release: istio
name: quotaspecs.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- apim-istio-io
kind: QuotaSpec
listKind: QuotaSpecList
plural: quotaspecs
singular: quotaspec
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: Determines the quotas used for individual requests.
properties:
rules:
description: A list of Quota rules.
items:
properties:
match:
description: If empty, match all request.
items:
properties:
clause:
additionalProperties:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
description: Map of attribute names to StringMatch type.
type: object
type: object
type: array
quotas:
description: The list of quotas to charge.
items:
properties:
charge:
format: int32
type: integer
quota:
format: string
type: string
type: object
type: array
type: object
type: array
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha2
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-mixer
chart: istio
heritage: Tiller
release: istio
name: quotaspecbindings.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- apim-istio-io
kind: QuotaSpecBinding
listKind: QuotaSpecBindingList
plural: quotaspecbindings
singular: quotaspecbinding
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
properties:
quotaSpecs:
items:
properties:
name:
description: The short name of the QuotaSpec.
format: string
type: string
namespace:
description: Optional namespace of the QuotaSpec.
format: string
type: string
type: object
type: array
services:
description: One or more services to map the listed QuotaSpec onto.
items:
properties:
domain:
description: Domain suffix used to construct the service FQDN
in implementations that support such specification.
format: string
type: string
labels:
additionalProperties:
format: string
type: string
description: Optional one or more labels that uniquely identify
the service version.
type: object
name:
description: The short name of the service such as "foo".
format: string
type: string
namespace:
description: Optional namespace of the service.
format: string
type: string
service:
description: The service FQDN.
format: string
type: string
type: object
type: array
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha2
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: destinationrules.networking.istio.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.host
description: The name of a service from the service registry
name: Host
type: string
- JSONPath: .metadata.creationTimestamp
description: 'CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
name: Age
type: date
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: DestinationRule
listKind: DestinationRuleList
plural: destinationrules
shortNames:
- dr
singular: destinationrule
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting load balancing, outlier detection,
etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html'
properties:
exportTo:
description: A list of namespaces to which this destination rule is
exported.
items:
format: string
type: string
type: array
host:
description: The name of a service from the service registry.
format: string
type: string
subsets:
items:
properties:
labels:
additionalProperties:
format: string
type: string
type: object
name:
description: Name of the subset.
format: string
type: string
trafficPolicy:
description: Traffic policies that apply to this subset.
properties:
connectionPool:
properties:
http:
description: HTTP connection pool settings.
properties:
h2UpgradePolicy:
description: Specify if http1.1 connection should
be upgraded to http2 for the associated destination.
enum:
- DEFAULT
- DO_NOT_UPGRADE
- UPGRADE
type: string
http1MaxPendingRequests:
description: Maximum number of pending HTTP requests
to a destination.
format: int32
type: integer
http2MaxRequests:
description: Maximum number of requests to a backend.
format: int32
type: integer
idleTimeout:
description: The idle timeout for upstream connection
pool connections.
type: string
maxRequestsPerConnection:
description: Maximum number of requests per connection
to a backend.
format: int32
type: integer
maxRetries:
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream
connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
tcpKeepalive:
description: If set then set SO_KEEPALIVE on the socket
to enable TCP Keepalives.
properties:
interval:
description: The time duration between keep-alive
probes.
type: string
probes:
type: integer
time:
type: string
type: object
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
oneOf:
- not:
anyOf:
- required:
- simple
- properties:
consistentHash:
oneOf:
- not:
anyOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
required:
- consistentHash
- required:
- simple
- properties:
consistentHash:
oneOf:
- not:
anyOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
required:
- consistentHash
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: Name of the cookie.
format: string
type: string
path:
description: Path to set for the cookie.
format: string
type: string
ttl:
description: Lifetime of the cookie.
type: string
type: object
httpHeaderName:
description: Hash based on a specific HTTP header.
format: string
type: string
httpQueryParameterName:
description: Hash based on a specific HTTP query parameter.
format: string
type: string
minimumRingSize:
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
localityLbSetting:
properties:
distribute:
description: 'Optional: only one of distribute or
failover can be set.'
items:
properties:
from:
description: Originating locality, '/' separated,
e.g.
format: string
type: string
to:
additionalProperties:
type: integer
description: Map of upstream localities to traffic
distribution weights.
type: object
type: object
type: array
enabled:
description: enable locality load balancing, this
is DestinationRule-level and will override mesh
wide settings in entirety.
type: boolean
failover:
description: 'Optional: only failover or distribute
can be set.'
items:
properties:
from:
description: Originating region.
format: string
type: string
to:
format: string
type: string
type: object
type: array
type: object
simple:
enum:
- ROUND_ROBIN
- LEAST_CONN
- RANDOM
- PASSTHROUGH
type: string
type: object
outlierDetection:
properties:
baseEjectionTime:
description: Minimum ejection duration.
type: string
consecutive5xxErrors:
description: Number of 5xx errors before a host is ejected
from the connection pool.
type: integer
consecutiveErrors:
format: int32
type: integer
consecutiveGatewayErrors:
description: Number of gateway errors before a host is
ejected from the connection pool.
type: integer
interval:
description: Time interval between ejection sweep analysis.
type: string
maxEjectionPercent:
format: int32
type: integer
minHealthPercent:
format: int32
type: integer
type: object
portLevelSettings:
description: Traffic policies specific to individual ports.
items:
properties:
connectionPool:
properties:
http:
description: HTTP connection pool settings.
properties:
h2UpgradePolicy:
description: Specify if http1.1 connection should
be upgraded to http2 for the associated destination.
enum:
- DEFAULT
- DO_NOT_UPGRADE
- UPGRADE
type: string
http1MaxPendingRequests:
description: Maximum number of pending HTTP
requests to a destination.
format: int32
type: integer
http2MaxRequests:
description: Maximum number of requests to a
backend.
format: int32
type: integer
idleTimeout:
description: The idle timeout for upstream connection
pool connections.
type: string
maxRequestsPerConnection:
description: Maximum number of requests per
connection to a backend.
format: int32
type: integer
maxRetries:
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP
upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
tcpKeepalive:
description: If set then set SO_KEEPALIVE on
the socket to enable TCP Keepalives.
properties:
interval:
description: The time duration between keep-alive
probes.
type: string
probes:
type: integer
time:
type: string
type: object
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer
algorithms.
oneOf:
- not:
anyOf:
- required:
- simple
- properties:
consistentHash:
oneOf:
- not:
anyOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
required:
- consistentHash
- required:
- simple
- properties:
consistentHash:
oneOf:
- not:
anyOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
required:
- consistentHash
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: Name of the cookie.
format: string
type: string
path:
description: Path to set for the cookie.
format: string
type: string
ttl:
description: Lifetime of the cookie.
type: string
type: object
httpHeaderName:
description: Hash based on a specific HTTP header.
format: string
type: string
httpQueryParameterName:
description: Hash based on a specific HTTP query
parameter.
format: string
type: string
minimumRingSize:
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
localityLbSetting:
properties:
distribute:
description: 'Optional: only one of distribute
or failover can be set.'
items:
properties:
from:
description: Originating locality, '/'
separated, e.g.
format: string
type: string
to:
additionalProperties:
type: integer
description: Map of upstream localities
to traffic distribution weights.
type: object
type: object
type: array
enabled:
description: enable locality load balancing,
this is DestinationRule-level and will override
mesh wide settings in entirety.
type: boolean
failover:
description: 'Optional: only failover or distribute
can be set.'
items:
properties:
from:
description: Originating region.
format: string
type: string
to:
format: string
type: string
type: object
type: array
type: object
simple:
enum:
- ROUND_ROBIN
- LEAST_CONN
- RANDOM
- PASSTHROUGH
type: string
type: object
outlierDetection:
properties:
baseEjectionTime:
description: Minimum ejection duration.
type: string
consecutive5xxErrors:
description: Number of 5xx errors before a host
is ejected from the connection pool.
type: integer
consecutiveErrors:
format: int32
type: integer
consecutiveGatewayErrors:
description: Number of gateway errors before a host
is ejected from the connection pool.
type: integer
interval:
description: Time interval between ejection sweep
analysis.
type: string
maxEjectionPercent:
format: int32
type: integer
minHealthPercent:
format: int32
type: integer
type: object
port:
properties:
number:
type: integer
type: object
tls:
description: TLS related settings for connections to
the upstream service.
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
mode:
enum:
- DISABLE
- SIMPLE
- MUTUAL
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
sni:
description: SNI string to present to the server
during TLS handshake.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
type: object
type: array
tls:
description: TLS related settings for connections to the upstream
service.
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
mode:
enum:
- DISABLE
- SIMPLE
- MUTUAL
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
sni:
description: SNI string to present to the server during
TLS handshake.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
type: object
type: object
type: array
trafficPolicy:
properties:
connectionPool:
properties:
http:
description: HTTP connection pool settings.
properties:
h2UpgradePolicy:
description: Specify if http1.1 connection should be upgraded
to http2 for the associated destination.
enum:
- DEFAULT
- DO_NOT_UPGRADE
- UPGRADE
type: string
http1MaxPendingRequests:
description: Maximum number of pending HTTP requests to
a destination.
format: int32
type: integer
http2MaxRequests:
description: Maximum number of requests to a backend.
format: int32
type: integer
idleTimeout:
description: The idle timeout for upstream connection pool
connections.
type: string
maxRequestsPerConnection:
description: Maximum number of requests per connection to
a backend.
format: int32
type: integer
maxRetries:
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections to
a destination host.
format: int32
type: integer
tcpKeepalive:
description: If set then set SO_KEEPALIVE on the socket
to enable TCP Keepalives.
properties:
interval:
description: The time duration between keep-alive probes.
type: string
probes:
type: integer
time:
type: string
type: object
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
oneOf:
- not:
anyOf:
- required:
- simple
- properties:
consistentHash:
oneOf:
- not:
anyOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
required:
- consistentHash
- required:
- simple
- properties:
consistentHash:
oneOf:
- not:
anyOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
required:
- consistentHash
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: Name of the cookie.
format: string
type: string
path:
description: Path to set for the cookie.
format: string
type: string
ttl:
description: Lifetime of the cookie.
type: string
type: object
httpHeaderName:
description: Hash based on a specific HTTP header.
format: string
type: string
httpQueryParameterName:
description: Hash based on a specific HTTP query parameter.
format: string
type: string
minimumRingSize:
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
localityLbSetting:
properties:
distribute:
description: 'Optional: only one of distribute or failover
can be set.'
items:
properties:
from:
description: Originating locality, '/' separated,
e.g.
format: string
type: string
to:
additionalProperties:
type: integer
description: Map of upstream localities to traffic
distribution weights.
type: object
type: object
type: array
enabled:
description: enable locality load balancing, this is DestinationRule-level
and will override mesh wide settings in entirety.
type: boolean
failover:
description: 'Optional: only failover or distribute can
be set.'
items:
properties:
from:
description: Originating region.
format: string
type: string
to:
format: string
type: string
type: object
type: array
type: object
simple:
enum:
- ROUND_ROBIN
- LEAST_CONN
- RANDOM
- PASSTHROUGH
type: string
type: object
outlierDetection:
properties:
baseEjectionTime:
description: Minimum ejection duration.
type: string
consecutive5xxErrors:
description: Number of 5xx errors before a host is ejected from
the connection pool.
type: integer
consecutiveErrors:
format: int32
type: integer
consecutiveGatewayErrors:
description: Number of gateway errors before a host is ejected
from the connection pool.
type: integer
interval:
description: Time interval between ejection sweep analysis.
type: string
maxEjectionPercent:
format: int32
type: integer
minHealthPercent:
format: int32
type: integer
type: object
portLevelSettings:
description: Traffic policies specific to individual ports.
items:
properties:
connectionPool:
properties:
http:
description: HTTP connection pool settings.
properties:
h2UpgradePolicy:
description: Specify if http1.1 connection should
be upgraded to http2 for the associated destination.
enum:
- DEFAULT
- DO_NOT_UPGRADE
- UPGRADE
type: string
http1MaxPendingRequests:
description: Maximum number of pending HTTP requests
to a destination.
format: int32
type: integer
http2MaxRequests:
description: Maximum number of requests to a backend.
format: int32
type: integer
idleTimeout:
description: The idle timeout for upstream connection
pool connections.
type: string
maxRequestsPerConnection:
description: Maximum number of requests per connection
to a backend.
format: int32
type: integer
maxRetries:
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream
connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
tcpKeepalive:
description: If set then set SO_KEEPALIVE on the socket
to enable TCP Keepalives.
properties:
interval:
description: The time duration between keep-alive
probes.
type: string
probes:
type: integer
time:
type: string
type: object
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
oneOf:
- not:
anyOf:
- required:
- simple
- properties:
consistentHash:
oneOf:
- not:
anyOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
required:
- consistentHash
- required:
- simple
- properties:
consistentHash:
oneOf:
- not:
anyOf:
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
- required:
- httpHeaderName
- required:
- httpCookie
- required:
- useSourceIp
- required:
- httpQueryParameterName
required:
- consistentHash
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: Name of the cookie.
format: string
type: string
path:
description: Path to set for the cookie.
format: string
type: string
ttl:
description: Lifetime of the cookie.
type: string
type: object
httpHeaderName:
description: Hash based on a specific HTTP header.
format: string
type: string
httpQueryParameterName:
description: Hash based on a specific HTTP query parameter.
format: string
type: string
minimumRingSize:
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
localityLbSetting:
properties:
distribute:
description: 'Optional: only one of distribute or
failover can be set.'
items:
properties:
from:
description: Originating locality, '/' separated,
e.g.
format: string
type: string
to:
additionalProperties:
type: integer
description: Map of upstream localities to traffic
distribution weights.
type: object
type: object
type: array
enabled:
description: enable locality load balancing, this
is DestinationRule-level and will override mesh
wide settings in entirety.
type: boolean
failover:
description: 'Optional: only failover or distribute
can be set.'
items:
properties:
from:
description: Originating region.
format: string
type: string
to:
format: string
type: string
type: object
type: array
type: object
simple:
enum:
- ROUND_ROBIN
- LEAST_CONN
- RANDOM
- PASSTHROUGH
type: string
type: object
outlierDetection:
properties:
baseEjectionTime:
description: Minimum ejection duration.
type: string
consecutive5xxErrors:
description: Number of 5xx errors before a host is ejected
from the connection pool.
type: integer
consecutiveErrors:
format: int32
type: integer
consecutiveGatewayErrors:
description: Number of gateway errors before a host is
ejected from the connection pool.
type: integer
interval:
description: Time interval between ejection sweep analysis.
type: string
maxEjectionPercent:
format: int32
type: integer
minHealthPercent:
format: int32
type: integer
type: object
port:
properties:
number:
type: integer
type: object
tls:
description: TLS related settings for connections to the upstream
service.
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
mode:
enum:
- DISABLE
- SIMPLE
- MUTUAL
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
sni:
description: SNI string to present to the server during
TLS handshake.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
type: object
type: array
tls:
description: TLS related settings for connections to the upstream
service.
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
mode:
enum:
- DISABLE
- SIMPLE
- MUTUAL
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
sni:
description: SNI string to present to the server during TLS
handshake.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha3
served: true
storage: true
- name: v1beta1
served: true
storage: false
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: envoyfilters.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: EnvoyFilter
listKind: EnvoyFilterList
plural: envoyfilters
singular: envoyfilter
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Customizing Envoy configuration generated by Istio. See more
details at: https://istio.io/docs/reference/config/networking/envoy-filter.html'
properties:
configPatches:
description: One or more patches with match conditions.
items:
properties:
applyTo:
enum:
- INVALID
- LISTENER
- FILTER_CHAIN
- NETWORK_FILTER
- HTTP_FILTER
- ROUTE_CONFIGURATION
- VIRTUAL_HOST
- HTTP_ROUTE
- CLUSTER
type: string
match:
description: Match on listener/route configuration/cluster.
oneOf:
- not:
anyOf:
- required:
- listener
- required:
- routeConfiguration
- required:
- cluster
- required:
- listener
- required:
- routeConfiguration
- required:
- cluster
properties:
cluster:
description: Match on envoy cluster attributes.
properties:
name:
description: The exact name of the cluster to match.
format: string
type: string
portNumber:
description: The service port for which this cluster was
generated.
type: integer
service:
description: The fully qualified service name for this
cluster.
format: string
type: string
subset:
description: The subset associated with the service.
format: string
type: string
type: object
context:
description: The specific config generation context to match
on.
enum:
- ANY
- SIDECAR_INBOUND
- SIDECAR_OUTBOUND
- GATEWAY
type: string
listener:
description: Match on envoy listener attributes.
properties:
filterChain:
description: Match a specific filter chain in a listener.
properties:
applicationProtocols:
description: Applies only to sidecars.
format: string
type: string
filter:
description: The name of a specific filter to apply
the patch to.
properties:
name:
description: The filter name to match on.
format: string
type: string
subFilter:
properties:
name:
description: The filter name to match on.
format: string
type: string
type: object
type: object
name:
description: The name assigned to the filter chain.
format: string
type: string
sni:
description: The SNI value used by a filter chain's
match condition.
format: string
type: string
transportProtocol:
description: Applies only to SIDECAR_INBOUND context.
format: string
type: string
type: object
name:
description: Match a specific listener by its name.
format: string
type: string
portName:
format: string
type: string
portNumber:
type: integer
type: object
proxy:
description: Match on properties associated with a proxy.
properties:
metadata:
additionalProperties:
format: string
type: string
type: object
proxyVersion:
format: string
type: string
type: object
routeConfiguration:
description: Match on envoy HTTP route configuration attributes.
properties:
gateway:
format: string
type: string
name:
description: Route configuration name to match on.
format: string
type: string
portName:
description: Applicable only for GATEWAY context.
format: string
type: string
portNumber:
type: integer
vhost:
properties:
name:
format: string
type: string
route:
description: Match a specific route within the virtual
host.
properties:
action:
description: Match a route with specific action
type.
enum:
- ANY
- ROUTE
- REDIRECT
- DIRECT_RESPONSE
type: string
name:
format: string
type: string
type: object
type: object
type: object
type: object
patch:
description: The patch to apply along with the operation.
properties:
operation:
description: Determines how the patch should be applied.
enum:
- INVALID
- MERGE
- ADD
- REMOVE
- INSERT_BEFORE
- INSERT_AFTER
- INSERT_FIRST
type: string
value:
description: The JSON config of the object being patched.
type: object
type: object
type: object
type: array
workloadSelector:
properties:
labels:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha3
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: gateways.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: Gateway
listKind: GatewayList
plural: gateways
shortNames:
- gw
singular: gateway
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting edge load balancer. See more details
at: https://istio.io/docs/reference/config/networking/gateway.html'
properties:
selector:
additionalProperties:
format: string
type: string
type: object
servers:
description: A list of server specifications.
items:
properties:
bind:
format: string
type: string
defaultEndpoint:
format: string
type: string
hosts:
description: One or more hosts exposed by this gateway.
items:
format: string
type: string
type: array
port:
properties:
name:
description: Label assigned to the port.
format: string
type: string
number:
description: A valid non-negative integer port number.
type: integer
protocol:
description: The protocol exposed on the port.
format: string
type: string
type: object
tls:
description: Set of TLS related options that govern the server's
behavior.
properties:
caCertificates:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
cipherSuites:
description: 'Optional: If specified, only support the specified
cipher list.'
items:
format: string
type: string
type: array
credentialName:
format: string
type: string
httpsRedirect:
type: boolean
maxProtocolVersion:
description: 'Optional: Maximum TLS protocol version.'
enum:
- TLS_AUTO
- TLSV1_0
- TLSV1_1
- TLSV1_2
- TLSV1_3
type: string
minProtocolVersion:
description: 'Optional: Minimum TLS protocol version.'
enum:
- TLS_AUTO
- TLSV1_0
- TLSV1_1
- TLSV1_2
- TLSV1_3
type: string
mode:
enum:
- PASSTHROUGH
- SIMPLE
- MUTUAL
- AUTO_PASSTHROUGH
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
format: string
type: string
serverCertificate:
description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
verifyCertificateHash:
items:
format: string
type: string
type: array
verifyCertificateSpki:
items:
format: string
type: string
type: array
type: object
type: object
type: array
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha3
served: true
storage: true
- name: v1beta1
served: true
storage: false
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: serviceentries.networking.istio.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.hosts
description: The hosts associated with the ServiceEntry
name: Hosts
type: string
- JSONPath: .spec.location
description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL
or MESH_INTERNAL)
name: Location
type: string
- JSONPath: .spec.resolution
description: Service discovery mode for the hosts (NONE, STATIC, or DNS)
name: Resolution
type: string
- JSONPath: .metadata.creationTimestamp
description: 'CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
name: Age
type: date
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: ServiceEntry
listKind: ServiceEntryList
plural: serviceentries
shortNames:
- se
singular: serviceentry
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting service registry. See more details
at: https://istio.io/docs/reference/config/networking/service-entry.html'
properties:
addresses:
description: The virtual IP addresses associated with the service.
items:
format: string
type: string
type: array
endpoints:
description: One or more endpoints associated with the service.
items:
properties:
address:
format: string
type: string
labels:
additionalProperties:
format: string
type: string
description: One or more labels associated with the endpoint.
type: object
locality:
description: The locality associated with the endpoint.
format: string
type: string
network:
format: string
type: string
ports:
additionalProperties:
type: integer
description: Set of ports associated with the endpoint.
type: object
serviceAccount:
format: string
type: string
weight:
description: The load balancing weight associated with the endpoint.
type: integer
type: object
type: array
exportTo:
description: A list of namespaces to which this service is exported.
items:
format: string
type: string
type: array
hosts:
description: The hosts associated with the ServiceEntry.
items:
format: string
type: string
type: array
location:
enum:
- MESH_EXTERNAL
- MESH_INTERNAL
type: string
ports:
description: The ports associated with the external service.
items:
properties:
name:
description: Label assigned to the port.
format: string
type: string
number:
description: A valid non-negative integer port number.
type: integer
protocol:
description: The protocol exposed on the port.
format: string
type: string
type: object
type: array
resolution:
description: Service discovery mode for the hosts.
enum:
- NONE
- STATIC
- DNS
type: string
subjectAltNames:
items:
format: string
type: string
type: array
workloadSelector:
description: Applicable only for MESH_INTERNAL services.
properties:
labels:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha3
served: true
storage: true
- name: v1beta1
served: true
storage: false
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: sidecars.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: Sidecar
listKind: SidecarList
plural: sidecars
singular: sidecar
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting network reachability of a sidecar.
See more details at: https://istio.io/docs/reference/config/networking/sidecar.html'
properties:
egress:
items:
properties:
bind:
format: string
type: string
captureMode:
enum:
- DEFAULT
- IPTABLES
- NONE
type: string
hosts:
items:
format: string
type: string
type: array
localhostServerTls:
properties:
caCertificates:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
cipherSuites:
description: 'Optional: If specified, only support the specified
cipher list.'
items:
format: string
type: string
type: array
credentialName:
format: string
type: string
httpsRedirect:
type: boolean
maxProtocolVersion:
description: 'Optional: Maximum TLS protocol version.'
enum:
- TLS_AUTO
- TLSV1_0
- TLSV1_1
- TLSV1_2
- TLSV1_3
type: string
minProtocolVersion:
description: 'Optional: Minimum TLS protocol version.'
enum:
- TLS_AUTO
- TLSV1_0
- TLSV1_1
- TLSV1_2
- TLSV1_3
type: string
mode:
enum:
- PASSTHROUGH
- SIMPLE
- MUTUAL
- AUTO_PASSTHROUGH
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
format: string
type: string
serverCertificate:
description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
verifyCertificateHash:
items:
format: string
type: string
type: array
verifyCertificateSpki:
items:
format: string
type: string
type: array
type: object
port:
description: The port associated with the listener.
properties:
name:
description: Label assigned to the port.
format: string
type: string
number:
description: A valid non-negative integer port number.
type: integer
protocol:
description: The protocol exposed on the port.
format: string
type: string
type: object
type: object
type: array
ingress:
items:
properties:
bind:
description: The IP to which the listener should be bound.
format: string
type: string
captureMode:
enum:
- DEFAULT
- IPTABLES
- NONE
type: string
defaultEndpoint:
format: string
type: string
localhostClientTls:
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
mode:
enum:
- DISABLE
- SIMPLE
- MUTUAL
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
sni:
description: SNI string to present to the server during TLS
handshake.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
port:
description: The port associated with the listener.
properties:
name:
description: Label assigned to the port.
format: string
type: string
number:
description: A valid non-negative integer port number.
type: integer
protocol:
description: The protocol exposed on the port.
format: string
type: string
type: object
type: object
type: array
localhost:
properties:
clientTls:
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
mode:
enum:
- DISABLE
- SIMPLE
- MUTUAL
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
sni:
description: SNI string to present to the server during TLS
handshake.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
type: object
serverTls:
properties:
caCertificates:
description: REQUIRED if mode is `MUTUAL`.
format: string
type: string
cipherSuites:
description: 'Optional: If specified, only support the specified
cipher list.'
items:
format: string
type: string
type: array
credentialName:
format: string
type: string
httpsRedirect:
type: boolean
maxProtocolVersion:
description: 'Optional: Maximum TLS protocol version.'
enum:
- TLS_AUTO
- TLSV1_0
- TLSV1_1
- TLSV1_2
- TLSV1_3
type: string
minProtocolVersion:
description: 'Optional: Minimum TLS protocol version.'
enum:
- TLS_AUTO
- TLSV1_0
- TLSV1_1
- TLSV1_2
- TLSV1_3
type: string
mode:
enum:
- PASSTHROUGH
- SIMPLE
- MUTUAL
- AUTO_PASSTHROUGH
- ISTIO_MUTUAL
type: string
privateKey:
description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
format: string
type: string
serverCertificate:
description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
format: string
type: string
subjectAltNames:
items:
format: string
type: string
type: array
verifyCertificateHash:
items:
format: string
type: string
type: array
verifyCertificateSpki:
items:
format: string
type: string
type: array
type: object
type: object
outboundTrafficPolicy:
description: Configuration for the outbound traffic policy.
properties:
egressProxy:
properties:
host:
description: The name of a service from the service registry.
format: string
type: string
port:
description: Specifies the port on the host that is being addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
mode:
enum:
- REGISTRY_ONLY
- ALLOW_ANY
type: string
type: object
workloadSelector:
properties:
labels:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha3
served: true
storage: true
- name: v1beta1
served: true
storage: false
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: virtualservices.networking.istio.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.gateways
description: The names of gateways and sidecars that should apply these routes
name: Gateways
type: string
- JSONPath: .spec.hosts
description: The destination hosts to which traffic is being sent
name: Hosts
type: string
- JSONPath: .metadata.creationTimestamp
description: 'CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
name: Age
type: date
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: VirtualService
listKind: VirtualServiceList
plural: virtualservices
shortNames:
- vs
singular: virtualservice
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting label/content routing, sni routing,
etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html'
properties:
exportTo:
description: A list of namespaces to which this virtual service is exported.
items:
format: string
type: string
type: array
gateways:
description: The names of gateways and sidecars that should apply these
routes.
items:
format: string
type: string
type: array
hosts:
description: The destination hosts to which traffic is being sent.
items:
format: string
type: string
type: array
http:
description: An ordered list of route rules for HTTP traffic.
items:
properties:
corsPolicy:
description: Cross-Origin Resource Sharing policy (CORS).
properties:
allowCredentials:
type: boolean
allowHeaders:
items:
format: string
type: string
type: array
allowMethods:
description: List of HTTP methods allowed to access the resource.
items:
format: string
type: string
type: array
allowOrigin:
description: The list of origins that are allowed to perform
CORS requests.
items:
format: string
type: string
type: array
allowOrigins:
description: String patterns that match allowed origins.
items:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
type: array
exposeHeaders:
items:
format: string
type: string
type: array
maxAge:
type: string
type: object
delegate:
properties:
name:
description: Name specifies the name of the delegate VirtualService.
format: string
type: string
namespace:
description: Namespace specifies the namespace where the delegate
VirtualService resides.
format: string
type: string
type: object
fault:
description: Fault injection policy to apply on HTTP traffic at
the client side.
properties:
abort:
oneOf:
- not:
anyOf:
- required:
- httpStatus
- required:
- grpcStatus
- required:
- http2Error
- required:
- httpStatus
- required:
- grpcStatus
- required:
- http2Error
properties:
grpcStatus:
format: string
type: string
http2Error:
format: string
type: string
httpStatus:
description: HTTP status code to use to abort the Http
request.
format: int32
type: integer
percentage:
description: Percentage of requests to be aborted with
the error code provided.
properties:
value:
format: double
type: number
type: object
type: object
delay:
oneOf:
- not:
anyOf:
- required:
- fixedDelay
- required:
- exponentialDelay
- required:
- fixedDelay
- required:
- exponentialDelay
properties:
exponentialDelay:
type: string
fixedDelay:
description: Add a fixed delay before forwarding the request.
type: string
percent:
description: Percentage of requests on which the delay
will be injected (0-100).
format: int32
type: integer
percentage:
description: Percentage of requests on which the delay
will be injected.
properties:
value:
format: double
type: number
type: object
type: object
type: object
headers:
properties:
request:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
response:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
match:
items:
properties:
authority:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
gateways:
description: Names of gateways where the rule should be
applied.
items:
format: string
type: string
type: array
headers:
additionalProperties:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
type: object
ignoreUriCase:
description: Flag to specify whether the URI matching should
be case-insensitive.
type: boolean
method:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
name:
description: The name assigned to a match.
format: string
type: string
port:
description: Specifies the ports on the host that is being
addressed.
type: integer
queryParams:
additionalProperties:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
description: Query parameters for matching.
type: object
scheme:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
sourceLabels:
additionalProperties:
format: string
type: string
type: object
sourceNamespace:
description: Source namespace constraining the applicability
of a rule to workloads in that namespace.
format: string
type: string
uri:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
withoutHeaders:
additionalProperties:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
description: withoutHeader has the same syntax with the
header, but has opposite meaning.
type: object
type: object
type: array
mirror:
properties:
host:
description: The name of a service from the service registry.
format: string
type: string
port:
description: Specifies the port on the host that is being
addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
mirror_percent:
description: Percentage of the traffic to be mirrored by the `mirror`
field.
type: integer
mirrorPercent:
description: Percentage of the traffic to be mirrored by the `mirror`
field.
type: integer
mirrorPercentage:
description: Percentage of the traffic to be mirrored by the `mirror`
field.
properties:
value:
format: double
type: number
type: object
name:
description: The name assigned to the route for debugging purposes.
format: string
type: string
redirect:
description: A HTTP rule can either redirect or forward (default)
traffic.
properties:
authority:
format: string
type: string
redirectCode:
type: integer
uri:
format: string
type: string
type: object
retries:
description: Retry policy for HTTP requests.
properties:
attempts:
description: Number of retries for a given request.
format: int32
type: integer
perTryTimeout:
description: Timeout per retry attempt for a given request.
type: string
retryOn:
description: Specifies the conditions under which retry takes
place.
format: string
type: string
retryRemoteLocalities:
description: Flag to specify whether the retries should retry
to other localities.
type: boolean
type: object
rewrite:
description: Rewrite HTTP URIs and Authority headers.
properties:
authority:
description: rewrite the Authority/Host header with this value.
format: string
type: string
uri:
format: string
type: string
type: object
route:
description: A HTTP rule can either redirect or forward (default)
traffic.
items:
properties:
destination:
properties:
host:
description: The name of a service from the service
registry.
format: string
type: string
port:
description: Specifies the port on the host that is
being addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
headers:
properties:
request:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
response:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
weight:
format: int32
type: integer
type: object
type: array
timeout:
description: Timeout for HTTP requests.
type: string
type: object
type: array
tcp:
description: An ordered list of route rules for opaque TCP traffic.
items:
properties:
match:
items:
properties:
destinationSubnets:
description: IPv4 or IPv6 ip addresses of destination with
optional subnet.
items:
format: string
type: string
type: array
gateways:
description: Names of gateways where the rule should be
applied.
items:
format: string
type: string
type: array
port:
description: Specifies the port on the host that is being
addressed.
type: integer
sourceLabels:
additionalProperties:
format: string
type: string
type: object
sourceNamespace:
description: Source namespace constraining the applicability
of a rule to workloads in that namespace.
format: string
type: string
sourceSubnet:
description: IPv4 or IPv6 ip address of source with optional
subnet.
format: string
type: string
type: object
type: array
route:
description: The destination to which the connection should be
forwarded to.
items:
properties:
destination:
properties:
host:
description: The name of a service from the service
registry.
format: string
type: string
port:
description: Specifies the port on the host that is
being addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
weight:
format: int32
type: integer
type: object
type: array
type: object
type: array
tls:
items:
properties:
match:
items:
properties:
destinationSubnets:
description: IPv4 or IPv6 ip addresses of destination with
optional subnet.
items:
format: string
type: string
type: array
gateways:
description: Names of gateways where the rule should be
applied.
items:
format: string
type: string
type: array
port:
description: Specifies the port on the host that is being
addressed.
type: integer
sniHosts:
description: SNI (server name indicator) to match on.
items:
format: string
type: string
type: array
sourceLabels:
additionalProperties:
format: string
type: string
type: object
sourceNamespace:
description: Source namespace constraining the applicability
of a rule to workloads in that namespace.
format: string
type: string
type: object
type: array
route:
description: The destination to which the connection should be
forwarded to.
items:
properties:
destination:
properties:
host:
description: The name of a service from the service
registry.
format: string
type: string
port:
description: Specifies the port on the host that is
being addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
weight:
format: int32
type: integer
type: object
type: array
type: object
type: array
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha3
served: true
storage: true
- name: v1beta1
served: true
storage: false
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
release: istio
name: workloadentries.networking.istio.io
spec:
additionalPrinterColumns:
- JSONPath: .metadata.creationTimestamp
description: 'CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
name: Age
type: date
- JSONPath: .spec.address
description: Address associated with the network endpoint.
name: Address
type: string
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: WorkloadEntry
listKind: WorkloadEntryList
plural: workloadentries
shortNames:
- we
singular: workloadentry
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration affecting VMs onboarded into the mesh. See more
details at: https://istio.io/docs/reference/config/networking/workload-entry.html'
properties:
address:
format: string
type: string
labels:
additionalProperties:
format: string
type: string
description: One or more labels associated with the endpoint.
type: object
locality:
description: The locality associated with the endpoint.
format: string
type: string
network:
format: string
type: string
ports:
additionalProperties:
type: integer
description: Set of ports associated with the endpoint.
type: object
serviceAccount:
format: string
type: string
weight:
description: The load balancing weight associated with the endpoint.
type: integer
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha3
served: true
storage: true
- name: v1beta1
served: true
storage: false
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: mixer
chart: istio
heritage: Tiller
istio: core
package: istio.io.mixer
release: istio
name: attributemanifests.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- policy-istio-io
kind: attributemanifest
listKind: attributemanifestList
plural: attributemanifests
singular: attributemanifest
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Describes the rules used to configure Mixer''s policy and
telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html'
properties:
attributes:
additionalProperties:
properties:
description:
description: A human-readable description of the attribute's purpose.
format: string
type: string
valueType:
description: The type of data carried by this attribute.
enum:
- VALUE_TYPE_UNSPECIFIED
- STRING
- INT64
- DOUBLE
- BOOL
- TIMESTAMP
- IP_ADDRESS
- EMAIL_ADDRESS
- URI
- DNS_NAME
- DURATION
- STRING_MAP
type: string
type: object
description: The set of attributes this Istio component will be responsible
for producing at runtime.
type: object
name:
description: Name of the component producing these attributes.
format: string
type: string
revision:
description: The revision of this document.
format: string
type: string
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha2
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: mixer
chart: istio
heritage: Tiller
istio: mixer-handler
package: handler
release: istio
name: handlers.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- policy-istio-io
kind: handler
listKind: handlerList
plural: handlers
singular: handler
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: Handler allows the operator to configure a specific adapter
implementation.
properties:
adapter:
description: The name of a specific adapter implementation.
format: string
type: string
compiledAdapter:
description: The name of the compiled in adapter this handler instantiates.
format: string
type: string
connection:
description: Information on how to connect to the out-of-process adapter.
properties:
address:
description: The address of the backend.
format: string
type: string
authentication:
description: Auth config for the connection to the backend.
oneOf:
- not:
anyOf:
- properties:
tls:
allOf:
- oneOf:
- not:
anyOf:
- required:
- tokenPath
- required:
- oauth
- required:
- tokenPath
- required:
- oauth
- oneOf:
- not:
anyOf:
- required:
- authHeader
- required:
- customHeader
- required:
- authHeader
- required:
- customHeader
required:
- tls
- required:
- mutual
- properties:
tls:
allOf:
- oneOf:
- not:
anyOf:
- required:
- tokenPath
- required:
- oauth
- required:
- tokenPath
- required:
- oauth
- oneOf:
- not:
anyOf:
- required:
- authHeader
- required:
- customHeader
- required:
- authHeader
- required:
- customHeader
required:
- tls
- required:
- mutual
properties:
mutual:
properties:
caCertificates:
format: string
type: string
clientCertificate:
description: The path to the file holding client certificate
for mutual TLS.
format: string
type: string
privateKey:
description: The path to the file holding the private key
for mutual TLS.
format: string
type: string
serverName:
description: Used to configure mixer mutual TLS client to
supply server name for SNI.
format: string
type: string
type: object
tls:
properties:
authHeader:
description: Access token is passed as authorization header.
enum:
- PLAIN
- BEARER
type: string
caCertificates:
format: string
type: string
customHeader:
description: Customized header key to hold access token,
e.g.
format: string
type: string
oauth:
description: Oauth config to fetch access token from auth
provider.
properties:
clientId:
description: OAuth client id for mixer.
format: string
type: string
clientSecret:
description: The path to the file holding the client
secret for oauth.
format: string
type: string
endpointParams:
additionalProperties:
format: string
type: string
description: Additional parameters for requests to the
token endpoint.
type: object
scopes:
description: List of requested permissions.
items:
format: string
type: string
type: array
tokenUrl:
description: The Resource server's token endpoint URL.
format: string
type: string
type: object
serverName:
format: string
type: string
tokenPath:
format: string
type: string
type: object
type: object
timeout:
description: Timeout for remote calls to the backend.
type: string
type: object
name:
description: Must be unique in the entire Mixer configuration.
format: string
type: string
params:
description: Depends on adapter implementation.
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha2
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: mixer
chart: istio
heritage: Tiller
istio: mixer-instance
package: instance
release: istio
name: instances.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- policy-istio-io
kind: instance
listKind: instanceList
plural: instances
singular: instance
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: An Instance tells Mixer how to create instances for particular
template.
properties:
attributeBindings:
additionalProperties:
format: string
type: string
type: object
compiledTemplate:
description: The name of the compiled in template this instance creates
instances for.
format: string
type: string
name:
format: string
type: string
params:
description: Depends on referenced template.
type: object
template:
description: The name of the template this instance creates instances
for.
format: string
type: string
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha2
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: mixer
chart: istio
heritage: Tiller
istio: core
package: istio.io.mixer
release: istio
name: rules.config.istio.io
spec:
group: config.istio.io
names:
categories:
- istio-io
- policy-istio-io
kind: rule
listKind: ruleList
plural: rules
singular: rule
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Describes the rules used to configure Mixer''s policy and
telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html'
properties:
actions:
description: The actions that will be executed when match evaluates
to `true`.
items:
properties:
handler:
description: Fully qualified name of the handler to invoke.
format: string
type: string
instances:
items:
format: string
type: string
type: array
name:
description: A handle to refer to the results of the action.
format: string
type: string
type: object
type: array
match:
description: Match is an attribute based predicate.
format: string
type: string
requestHeaderOperations:
items:
properties:
name:
description: Header name literal value.
format: string
type: string
operation:
description: Header operation type.
enum:
- REPLACE
- REMOVE
- APPEND
type: string
values:
description: Header value expressions.
items:
format: string
type: string
type: array
type: object
type: array
responseHeaderOperations:
items:
properties:
name:
description: Header name literal value.
format: string
type: string
operation:
description: Header operation type.
enum:
- REPLACE
- REMOVE
- APPEND
type: string
values:
description: Header value expressions.
items:
format: string
type: string
type: array
type: object
type: array
sampling:
properties:
random:
description: Provides filtering of actions based on random selection
per request.
properties:
attributeExpression:
description: Specifies an attribute expression to use to override
the numerator in the `percent_sampled` field.
format: string
type: string
percentSampled:
description: The default sampling rate, expressed as a percentage.
properties:
denominator:
description: Specifies the denominator.
enum:
- HUNDRED
- TEN_THOUSAND
type: string
numerator:
description: Specifies the numerator.
type: integer
type: object
useIndependentRandomness:
description: By default sampling will be based on the value
of the request header `x-request-id`.
type: boolean
type: object
rateLimit:
properties:
maxUnsampledEntries:
description: Number of entries to allow during the `sampling_duration`
before sampling is enforced.
format: int64
type: integer
samplingDuration:
description: Window in which to enforce the sampling rate.
type: string
samplingRate:
description: The rate at which to sample entries once the unsampled
limit has been reached.
format: int64
type: integer
type: object
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha2
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
istio: rbac
release: istio
name: clusterrbacconfigs.rbac.istio.io
spec:
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: ClusterRbacConfig
listKind: ClusterRbacConfigList
plural: clusterrbacconfigs
singular: clusterrbacconfig
preserveUnknownFields: false
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'See more details at:'
properties:
enforcementMode:
enum:
- ENFORCED
- PERMISSIVE
type: string
exclusion:
description: A list of services or namespaces that should not be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
inclusion:
description: A list of services or namespaces that should be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
mode:
description: Istio RBAC mode.
enum:
- "OFF"
- "ON"
- ON_WITH_INCLUSION
- ON_WITH_EXCLUSION
type: string
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: mixer
chart: istio
heritage: Tiller
istio: rbac
package: istio.io.mixer
release: istio
name: rbacconfigs.rbac.istio.io
spec:
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: RbacConfig
listKind: RbacConfigList
plural: rbacconfigs
singular: rbacconfig
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'See more details at:'
properties:
enforcementMode:
enum:
- ENFORCED
- PERMISSIVE
type: string
exclusion:
description: A list of services or namespaces that should not be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
inclusion:
description: A list of services or namespaces that should be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
mode:
description: Istio RBAC mode.
enum:
- "OFF"
- "ON"
- ON_WITH_INCLUSION
- ON_WITH_EXCLUSION
type: string
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: mixer
chart: istio
heritage: Tiller
istio: rbac
package: istio.io.mixer
release: istio
name: serviceroles.rbac.istio.io
spec:
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: ServiceRole
listKind: ServiceRoleList
plural: serviceroles
singular: servicerole
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'See more details at:'
properties:
rules:
description: The set of access rules (permissions) that the role has.
items:
properties:
constraints:
description: Optional.
items:
properties:
key:
description: Key of the constraint.
format: string
type: string
values:
description: List of valid values for the constraint.
items:
format: string
type: string
type: array
type: object
type: array
hosts:
items:
format: string
type: string
type: array
methods:
description: Optional.
items:
format: string
type: string
type: array
notHosts:
items:
format: string
type: string
type: array
notMethods:
items:
format: string
type: string
type: array
notPaths:
items:
format: string
type: string
type: array
notPorts:
items:
format: int32
type: integer
type: array
paths:
description: Optional.
items:
format: string
type: string
type: array
ports:
items:
format: int32
type: integer
type: array
services:
description: A list of service names.
items:
format: string
type: string
type: array
type: object
type: array
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: mixer
chart: istio
heritage: Tiller
istio: rbac
package: istio.io.mixer
release: istio
name: servicerolebindings.rbac.istio.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.roleRef.name
description: The name of the ServiceRole object being referenced
name: Reference
type: string
- JSONPath: .metadata.creationTimestamp
description: 'CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
name: Age
type: date
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: ServiceRoleBinding
listKind: ServiceRoleBindingList
plural: servicerolebindings
singular: servicerolebinding
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'See more details at:'
properties:
actions:
items:
properties:
constraints:
description: Optional.
items:
properties:
key:
description: Key of the constraint.
format: string
type: string
values:
description: List of valid values for the constraint.
items:
format: string
type: string
type: array
type: object
type: array
hosts:
items:
format: string
type: string
type: array
methods:
description: Optional.
items:
format: string
type: string
type: array
notHosts:
items:
format: string
type: string
type: array
notMethods:
items:
format: string
type: string
type: array
notPaths:
items:
format: string
type: string
type: array
notPorts:
items:
format: int32
type: integer
type: array
paths:
description: Optional.
items:
format: string
type: string
type: array
ports:
items:
format: int32
type: integer
type: array
services:
description: A list of service names.
items:
format: string
type: string
type: array
type: object
type: array
mode:
enum:
- ENFORCED
- PERMISSIVE
type: string
role:
format: string
type: string
roleRef:
description: Reference to the ServiceRole object.
properties:
kind:
description: The type of the role being referenced.
format: string
type: string
name:
description: The name of the ServiceRole object being referenced.
format: string
type: string
type: object
subjects:
description: List of subjects that are assigned the ServiceRole object.
items:
properties:
group:
format: string
type: string
groups:
items:
format: string
type: string
type: array
ips:
items:
format: string
type: string
type: array
names:
items:
format: string
type: string
type: array
namespaces:
items:
format: string
type: string
type: array
notGroups:
items:
format: string
type: string
type: array
notIps:
items:
format: string
type: string
type: array
notNames:
items:
format: string
type: string
type: array
notNamespaces:
items:
format: string
type: string
type: array
properties:
additionalProperties:
format: string
type: string
description: Optional.
type: object
user:
description: Optional.
format: string
type: string
type: object
type: array
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
istio: security
release: istio
name: authorizationpolicies.security.istio.io
spec:
group: security.istio.io
names:
categories:
- istio-io
- security-istio-io
kind: AuthorizationPolicy
listKind: AuthorizationPolicyList
plural: authorizationpolicies
singular: authorizationpolicy
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'Configuration for access control on workloads. See more details
at: https://istio.io/docs/reference/config/security/authorization-policy.html'
properties:
action:
description: Optional.
enum:
- ALLOW
- DENY
type: string
rules:
description: Optional.
items:
properties:
from:
description: Optional.
items:
properties:
source:
description: Source specifies the source of a request.
properties:
ipBlocks:
description: Optional.
items:
format: string
type: string
type: array
namespaces:
description: Optional.
items:
format: string
type: string
type: array
notIpBlocks:
description: Optional.
items:
format: string
type: string
type: array
notNamespaces:
description: Optional.
items:
format: string
type: string
type: array
notPrincipals:
description: Optional.
items:
format: string
type: string
type: array
notRequestPrincipals:
description: Optional.
items:
format: string
type: string
type: array
principals:
description: Optional.
items:
format: string
type: string
type: array
requestPrincipals:
description: Optional.
items:
format: string
type: string
type: array
type: object
type: object
type: array
to:
description: Optional.
items:
properties:
operation:
description: Operation specifies the operation of a request.
properties:
hosts:
description: Optional.
items:
format: string
type: string
type: array
methods:
description: Optional.
items:
format: string
type: string
type: array
notHosts:
description: Optional.
items:
format: string
type: string
type: array
notMethods:
description: Optional.
items:
format: string
type: string
type: array
notPaths:
description: Optional.
items:
format: string
type: string
type: array
notPorts:
description: Optional.
items:
format: string
type: string
type: array
paths:
description: Optional.
items:
format: string
type: string
type: array
ports:
description: Optional.
items:
format: string
type: string
type: array
type: object
type: object
type: array
when:
description: Optional.
items:
properties:
key:
description: The name of an Istio attribute.
format: string
type: string
notValues:
description: Optional.
items:
format: string
type: string
type: array
values:
description: Optional.
items:
format: string
type: string
type: array
type: object
type: array
type: object
type: array
selector:
description: Optional.
properties:
matchLabels:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1beta1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
istio: security
release: istio
name: peerauthentications.security.istio.io
spec:
group: security.istio.io
names:
categories:
- istio-io
- security-istio-io
kind: PeerAuthentication
listKind: PeerAuthenticationList
plural: peerauthentications
shortNames:
- pa
singular: peerauthentication
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: PeerAuthentication defines how traffic will be tunneled (or
not) to the sidecar.
properties:
mtls:
description: Mutual TLS settings for workload.
properties:
mode:
description: Defines the mTLS mode used for peer authentication.
enum:
- UNSET
- DISABLE
- PERMISSIVE
- STRICT
type: string
type: object
portLevelMtls:
additionalProperties:
properties:
mode:
description: Defines the mTLS mode used for peer authentication.
enum:
- UNSET
- DISABLE
- PERMISSIVE
- STRICT
type: string
type: object
description: Port specific mutual TLS settings.
type: object
selector:
description: The selector determines the workloads to apply the ChannelAuthentication
on.
properties:
matchLabels:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1beta1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
istio: security
release: istio
name: requestauthentications.security.istio.io
spec:
group: security.istio.io
names:
categories:
- istio-io
- security-istio-io
kind: RequestAuthentication
listKind: RequestAuthenticationList
plural: requestauthentications
shortNames:
- ra
singular: requestauthentication
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: RequestAuthentication defines what request authentication methods
are supported by a workload.
properties:
jwtRules:
description: Define the list of JWTs that can be validated at the selected
workloads' proxy.
items:
properties:
audiences:
items:
format: string
type: string
type: array
forwardOriginalToken:
description: If set to true, the orginal token will be kept for
the ustream request.
type: boolean
fromHeaders:
description: List of header locations from which JWT is expected.
items:
properties:
name:
description: The HTTP header name.
format: string
type: string
prefix:
description: The prefix that should be stripped before decoding
the token.
format: string
type: string
type: object
type: array
fromParams:
description: List of query parameters from which JWT is expected.
items:
format: string
type: string
type: array
issuer:
description: Identifies the issuer that issued the JWT.
format: string
type: string
jwks:
description: JSON Web Key Set of public keys to validate signature
of the JWT.
format: string
type: string
jwks_uri:
format: string
type: string
jwksUri:
format: string
type: string
outputPayloadToHeader:
format: string
type: string
type: object
type: array
selector:
description: The selector determines the workloads to apply the RequestAuthentication
on.
properties:
matchLabels:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1beta1
served: true
storage: true
---
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
name: adapters.config.istio.io
labels:
app: mixer
package: adapter
istio: mixer-adapter
chart: istio
heritage: Tiller
release: istio
annotations:
"helm.sh/resource-policy": keep
spec:
group: config.istio.io
names:
kind: adapter
plural: adapters
singular: adapter
categories:
- istio-io
- policy-istio-io
scope: Namespaced
subresources:
status: {}
versions:
- name: v1alpha2
served: true
storage: true
---
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
name: templates.config.istio.io
labels:
app: mixer
package: template
istio: mixer-template
chart: istio
heritage: Tiller
release: istio
annotations:
"helm.sh/resource-policy": keep
spec:
group: config.istio.io
names:
kind: template
plural: templates
singular: template
categories:
- istio-io
- policy-istio-io
scope: Namespaced
subresources:
status: {}
versions:
- name: v1alpha2
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: istiooperators.install.istio.io
labels:
release: istio
spec:
additionalPrinterColumns:
- JSONPath: .spec.revision
description: Istio control plane revision
name: Revision
type: string
- JSONPath: .metadata.creationTimestamp
description: 'CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
name: Age
type: date
group: install.istio.io
names:
kind: IstioOperator
plural: istiooperators
singular: istiooperator
shortNames:
- iop
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
spec:
description: 'Specification of the desired state of the istio control plane resource.
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
status:
description: 'Status describes each of istio control plane component status at the current time.
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
# Cni component is disabled.
# EgressGateways istio-egressgateway component is disabled.
# Resources for IngressGateways component
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
labels:
app: istio-ingressgateway
istio: ingressgateway
release: istio
name: istio-ingressgateway
namespace: istio-system
spec:
maxReplicas: 5
metrics:
- resource:
name: cpu
targetAverageUtilization: 80
type: Resource
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: istio-ingressgateway
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: istio-ingressgateway
istio: ingressgateway
release: istio
name: istio-ingressgateway
namespace: istio-system
spec:
selector:
matchLabels:
app: istio-ingressgateway
istio: ingressgateway
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
app: istio-ingressgateway
chart: gateways
heritage: Tiller
istio: ingressgateway
release: istio
service.istio.io/canonical-name: istio-ingressgateway
service.istio.io/canonical-revision: latest
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- proxy
- router
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --proxyLogLevel=warning
- --proxyComponentLogLevel=misc:error
- --log_output_level=default:info
- --serviceCluster
- istio-ingressgateway
- --trust-domain=cluster.local
env:
- name: JWT_POLICY
value: third-party-jwt
- name: PILOT_CERT_PROVIDER
value: istiod
- name: CA_ADDR
value: istiod.istio-system.svc:15012
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: CANONICAL_SERVICE
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-name']
- name: CANONICAL_REVISION
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-revision']
- name: ISTIO_META_WORKLOAD_NAME
value: istio-ingressgateway
- name: ISTIO_META_OWNER
value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway
- name: ISTIO_META_MESH_ID
value: cluster.local
- name: ISTIO_META_ROUTER_MODE
value: sni-dnat
- name: ISTIO_META_CLUSTER_ID
value: Kubernetes
image: docker.io/istio/proxyv2:1.6.3
name: istio-proxy
ports:
- containerPort: 15021
- containerPort: 8080
- containerPort: 8443
- containerPort: 15443
- containerPort: 15011
- containerPort: 15012
- containerPort: 8060
- containerPort: 853
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
readinessProbe:
failureThreshold: 30
httpGet:
path: /healthz/ready
port: 15021
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: /etc/istio/proxy
name: istio-envoy
- mountPath: /etc/istio/config
name: config-volume
- mountPath: /var/run/secrets/istio
name: istiod-ca-cert
- mountPath: /var/run/secrets/tokens
name: istio-token
readOnly: true
- mountPath: /var/run/ingress_gateway
name: ingressgatewaysdsudspath
- mountPath: /etc/istio/pod
name: podinfo
- mountPath: /etc/istio/ingressgateway-certs
name: ingressgateway-certs
readOnly: true
- mountPath: /etc/istio/ingressgateway-ca-certs
name: ingressgateway-ca-certs
readOnly: true
serviceAccountName: istio-ingressgateway-service-account
volumes:
- configMap:
name: istio-ca-root-cert
name: istiod-ca-cert
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: labels
- fieldRef:
fieldPath: metadata.annotations
path: annotations
name: podinfo
- emptyDir: {}
name: istio-envoy
- emptyDir: {}
name: ingressgatewaysdsudspath
- name: istio-token
projected:
sources:
- serviceAccountToken:
audience: istio-ca
expirationSeconds: 43200
path: istio-token
- configMap:
name: istio
optional: true
name: config-volume
- name: ingressgateway-certs
secret:
optional: true
secretName: istio-ingressgateway-certs
- name: ingressgateway-ca-certs
secret:
optional: true
secretName: istio-ingressgateway-ca-certs
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: istio-ingressgateway
namespace: istio-system
labels:
app: istio-ingressgateway
istio: ingressgateway
release: istio
spec:
minAvailable: 1
selector:
matchLabels:
app: istio-ingressgateway
istio: ingressgateway
release: istio
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: istio-ingressgateway-sds
namespace: istio-system
labels:
release: istio
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: istio-ingressgateway-sds
namespace: istio-system
labels:
release: istio
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: istio-ingressgateway-sds
subjects:
- kind: ServiceAccount
name: istio-ingressgateway-service-account
---
apiVersion: v1
kind: Service
metadata:
annotations: null
labels:
app: istio-ingressgateway
istio: ingressgateway
release: istio
name: istio-ingressgateway
namespace: istio-system
spec:
ports:
- name: status-port
port: 15021
targetPort: 15021
- name: http2
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
- name: tls
port: 15443
targetPort: 15443
selector:
app: istio-ingressgateway
istio: ingressgateway
type: LoadBalancer
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: istio-ingressgateway-service-account
namespace: istio-system
labels:
app: istio-ingressgateway
istio: ingressgateway
release: istio
---
# IstiodRemote component is disabled.
# Resources for Pilot component
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: istiod
namespace: istio-system
labels:
app: istiod
release: istio
istio.io/rev: default
spec:
maxReplicas: 5
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: istiod
metrics:
- type: Resource
resource:
name: cpu
targetAverageUtilization: 80
---
apiVersion: v1
kind: ConfigMap
metadata:
name: istio
namespace: istio-system
labels:
istio.io/rev: default
release: istio
data:
# Configuration file for the mesh networks to be used by the Split Horizon EDS.
meshNetworks: |-
networks: {}
mesh: |-
accessLogEncoding: TEXT
accessLogFile: ""
accessLogFormat: ""
defaultConfig:
concurrency: 2
configPath: ./etc/istio/proxy
connectTimeout: 10s
controlPlaneAuthPolicy: NONE
discoveryAddress: istiod.istio-system.svc:15012
drainDuration: 45s
parentShutdownDuration: 1m0s
proxyAdminPort: 15000
proxyMetadata:
DNS_AGENT: ""
serviceCluster: istio-proxy
tracing:
zipkin:
address: 192.168.39.240.observability:9411
disableMixerHttpReports: true
disablePolicyChecks: true
enablePrometheusMerge: false
ingressClass: istio
ingressControllerMode: STRICT
ingressService: istio-ingressgateway
protocolDetectionTimeout: 100ms
reportBatchMaxEntries: 100
reportBatchMaxTime: 1s
sdsUdsPath: unix:/etc/istio/proxy/SDS
trustDomain: cluster.local
trustDomainAliases: null
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: istiod
istio: pilot
istio.io/rev: default
release: istio
name: istiod
namespace: istio-system
spec:
selector:
matchLabels:
istio: pilot
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
app: istiod
istio: pilot
istio.io/rev: default
spec:
containers:
- args:
- discovery
- --monitoringAddr=:15014
- --log_output_level=default:info
- --domain
- cluster.local
- --trust-domain=cluster.local
- --keepaliveMaxServerConnectionAge
- 30m
env:
- name: REVISION
value: default
- name: JWT_POLICY
value: third-party-jwt
- name: PILOT_CERT_PROVIDER
value: istiod
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
- name: PILOT_TRACE_SAMPLING
value: "1"
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND
value: "true"
- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND
value: "true"
- name: INJECTION_WEBHOOK_CONFIG_NAME
value: istio-sidecar-injector
- name: ISTIOD_ADDR
value: istiod.istio-system.svc:15012
- name: PILOT_ENABLE_ANALYSIS
value: "false"
- name: CLUSTER_ID
value: Kubernetes
- name: CENTRAL_ISTIOD
value: "false"
image: docker.io/istio/pilot:1.6.3
name: discovery
ports:
- containerPort: 8080
- containerPort: 15010
- containerPort: 15017
- containerPort: 15053
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 1
periodSeconds: 3
timeoutSeconds: 5
resources:
requests:
cpu: 500m
memory: 2048Mi
securityContext:
capabilities:
drop:
- ALL
runAsGroup: 1337
runAsNonRoot: true
runAsUser: 1337
volumeMounts:
- mountPath: /etc/istio/config
name: config-volume
- mountPath: /var/run/secrets/tokens
name: istio-token
readOnly: true
- mountPath: /var/run/secrets/istio-dns
name: local-certs
- mountPath: /etc/cacerts
name: cacerts
readOnly: true
- mountPath: /var/lib/istio/inject
name: inject
readOnly: true
securityContext:
fsGroup: 1337
serviceAccountName: istiod-service-account
volumes:
- emptyDir:
medium: Memory
name: local-certs
- name: istio-token
projected:
sources:
- serviceAccountToken:
audience: istio-ca
expirationSeconds: 43200
path: istio-token
- name: cacerts
secret:
optional: true
secretName: cacerts
- configMap:
name: istio-sidecar-injector
optional: true
name: inject
- configMap:
name: istio
name: config-volume
---
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
namespace: istio-system
labels:
istio.io/rev: default
release: istio
data:
values: |-
{
"global": {
"arch": {
"amd64": 2,
"ppc64le": 2,
"s390x": 2
},
"configNamespace": "istio-system",
"configValidation": true,
"controlPlaneSecurityEnabled": true,
"defaultNodeSelector": {},
"defaultPodDisruptionBudget": {
"enabled": true
},
"defaultResources": {
"requests": {
"cpu": "10m"
}
},
"enableHelmTest": false,
"enabled": true,
"hub": "docker.io/istio",
"imagePullPolicy": "",
"imagePullSecrets": [],
"istioNamespace": "istio-system",
"istiod": {
"enableAnalysis": false,
"enabled": true
},
"jwtPolicy": "third-party-jwt",
"logAsJson": false,
"logging": {
"level": "default:info"
},
"meshExpansion": {
"enabled": false,
"useILB": false
},
"meshNetworks": {},
"mountMtlsCerts": false,
"multiCluster": {
"clusterName": "",
"enabled": false
},
"namespace": "istio-system",
"network": "",
"omitSidecarInjectorConfigMap": false,
"oneNamespace": false,
"operatorManageWebhooks": false,
"pilotCertProvider": "istiod",
"policyNamespace": "istio-system",
"priorityClassName": "",
"prometheusNamespace": "istio-system",
"proxy": {
"autoInject": "enabled",
"clusterDomain": "cluster.local",
"componentLogLevel": "misc:error",
"enableCoreDump": false,
"envoyStatsd": {
"enabled": false
},
"excludeIPRanges": "",
"excludeInboundPorts": "",
"excludeOutboundPorts": "",
"image": "proxyv2",
"includeIPRanges": "*",
"logLevel": "warning",
"privileged": false,
"readinessFailureThreshold": 30,
"readinessInitialDelaySeconds": 1,
"readinessPeriodSeconds": 2,
"resources": {
"limits": {
"cpu": "2000m",
"memory": "1024Mi"
},
"requests": {
"cpu": "100m",
"memory": "128Mi"
}
},
"statusPort": 15020,
"tracer": "zipkin"
},
"proxy_init": {
"image": "proxyv2",
"resources": {
"limits": {
"cpu": "100m",
"memory": "50Mi"
},
"requests": {
"cpu": "10m",
"memory": "10Mi"
}
}
},
"sds": {
"token": {
"aud": "istio-ca"
}
},
"securityNamespace": "istio-system",
"sts": {
"servicePort": 0
},
"tag": "1.6.3",
"telemetryNamespace": "istio-system",
"tracer": {
"datadog": {
"address": "$(HOST_IP):8126"
},
"lightstep": {
"accessToken": "",
"address": ""
},
"stackdriver": {
"debug": false,
"maxNumberOfAnnotations": 200,
"maxNumberOfAttributes": 200,
"maxNumberOfMessageEvents": 200
},
"zipkin": {
"address": "192.168.39.240.observability:9411"
}
},
"trustDomain": "cluster.local",
"useMCP": false
},
"istio_cni": {
"enabled": false
},
"revision": "",
"sidecarInjectorWebhook": {
"alwaysInjectSelector": [],
"enableNamespacesByDefault": false,
"enabled": false,
"injectLabel": "istio-injection",
"injectedAnnotations": {},
"namespace": "istio-system",
"neverInjectSelector": [],
"objectSelector": {
"autoInject": true,
"enabled": false
},
"rewriteAppHTTPProbe": true
}
}
# To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching
# and istiod webhook functionality.
#
# New fields should not use Values - it is a 'primary' config object, users should be able
# to fine tune it or use it with kube-inject.
config: |-
policy: enabled
alwaysInjectSelector:
[]
neverInjectSelector:
[]
injectedAnnotations:
template: |
rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }}
initContainers:
{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }}
{{ if .Values.istio_cni.enabled -}}
- name: istio-validation
{{ else -}}
- name: istio-init
{{ end -}}
{{- if contains "/" .Values.global.proxy_init.image }}
image: "{{ .Values.global.proxy_init.image }}"
{{- else }}
image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}"
{{- end }}
args:
- istio-iptables
- "-p"
- 15001
- "-z"
- "15006"
- "-u"
- 1337
- "-m"
- "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}"
- "-i"
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}"
- "-x"
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}"
- "-b"
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}"
- "-d"
- "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}"
{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}}
- "-o"
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}"
{{ end -}}
{{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}}
- "-k"
- "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}"
{{ end -}}
{{ if .Values.istio_cni.enabled -}}
- "--run-validation"
- "--skip-rule-apply"
{{ end -}}
imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}"
{{- if .Values.global.proxy_init.resources }}
env:
{{- range $key, $value := .ProxyConfig.ProxyMetadata }}
- name: {{ $key }}
value: "{{ $value }}"
{{- end }}
resources:
{{ toYaml .Values.global.proxy_init.resources | indent 4 }}
{{- else }}
resources: {}
{{- end }}
securityContext:
allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }}
privileged: {{ .Values.global.proxy.privileged }}
capabilities:
{{- if not .Values.istio_cni.enabled }}
add:
- NET_ADMIN
- NET_RAW
{{- end }}
drop:
- ALL
{{- if not .Values.istio_cni.enabled }}
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
{{- else }}
readOnlyRootFilesystem: true
runAsGroup: 1337
runAsUser: 1337
runAsNonRoot: true
{{- end }}
restartPolicy: Always
{{ end -}}
{{- if eq .Values.global.proxy.enableCoreDump true }}
- name: enable-core-dump
args:
- -c
- sysctl -w kernel.core_pattern=/var/lib/istio/data/core.proxy && ulimit -c unlimited
command:
- /bin/sh
{{- if contains "/" .Values.global.proxy_init.image }}
image: "{{ .Values.global.proxy_init.image }}"
{{- else }}
image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}"
{{- end }}
imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}"
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities:
add:
- SYS_ADMIN
drop:
- ALL
privileged: true
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
{{ end }}
containers:
- name: istio-proxy
{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }}
image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}"
{{- else }}
image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}"
{{- end }}
ports:
- containerPort: 15090
protocol: TCP
name: http-envoy-prom
args:
- proxy
- sidecar
- --domain
- $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }}
- --serviceCluster
{{ if ne "" (index .ObjectMeta.Labels "app") -}}
- "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)"
{{ else -}}
- "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}"
{{ end -}}
- --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel}}
- --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel}}
{{- if .Values.global.sts.servicePort }}
- --stsPort={{ .Values.global.sts.servicePort }}
{{- end }}
{{- if .Values.global.trustDomain }}
- --trust-domain={{ .Values.global.trustDomain }}
{{- end }}
{{- if .Values.global.logAsJson }}
- --log_as_json
{{- end }}
{{- if gt .ProxyConfig.Concurrency 0 }}
- --concurrency
- "{{ .ProxyConfig.Concurrency }}"
{{- end -}}
{{- if .Values.global.proxy.lifecycle }}
lifecycle:
{{ toYaml .Values.global.proxy.lifecycle | indent 4 }}
{{- end }}
env:
- name: JWT_POLICY
value: {{ .Values.global.jwtPolicy }}
- name: PILOT_CERT_PROVIDER
value: {{ .Values.global.pilotCertProvider }}
# Temp, pending PR to make it default or based on the istiodAddr env
- name: CA_ADDR
{{- if .Values.global.caAddress }}
value: {{ .Values.global.caAddress }}
{{- else }}
value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012
{{- end }}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: CANONICAL_SERVICE
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-name']
- name: CANONICAL_REVISION
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-revision']
- name: PROXY_CONFIG
value: |
{{ protoToJSON .ProxyConfig }}
- name: ISTIO_META_POD_PORTS
value: |-
[
{{- $first := true }}
{{- range $index1, $c := .Spec.Containers }}
{{- range $index2, $p := $c.Ports }}
{{- if (structToJSON $p) }}
{{if not $first}},{{end}}{{ structToJSON $p }}
{{- $first = false }}
{{- end }}
{{- end}}
{{- end}}
]
- name: ISTIO_META_APP_CONTAINERS
value: |-
[
{{- range $index, $container := .Spec.Containers }}
{{- if ne $index 0}},{{- end}}
{{ $container.Name }}
{{- end}}
]
- name: ISTIO_META_CLUSTER_ID
value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}"
- name: ISTIO_META_INTERCEPTION_MODE
value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}"
{{- if .Values.global.network }}
- name: ISTIO_META_NETWORK
value: "{{ .Values.global.network }}"
{{- end }}
{{ if .ObjectMeta.Annotations }}
- name: ISTIO_METAJSON_ANNOTATIONS
value: |
{{ toJSON .ObjectMeta.Annotations }}
{{ end }}
{{- if .DeploymentMeta.Name }}
- name: ISTIO_META_WORKLOAD_NAME
value: {{ .DeploymentMeta.Name }}
{{ end }}
{{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }}
- name: ISTIO_META_OWNER
value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }}
{{- end}}
{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}
- name: ISTIO_BOOTSTRAP_OVERRIDE
value: "/etc/istio/custom-bootstrap/custom_bootstrap.json"
{{- end }}
{{- if .Values.global.meshID }}
- name: ISTIO_META_MESH_ID
value: "{{ .Values.global.meshID }}"
{{- else if .Values.global.trustDomain }}
- name: ISTIO_META_MESH_ID
value: "{{ .Values.global.trustDomain }}"
{{- end }}
{{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }}
{{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }}
- name: {{ $key }}
value: "{{ $value }}"
{{- end }}
{{- end }}
{{- range $key, $value := .ProxyConfig.ProxyMetadata }}
- name: {{ $key }}
value: "{{ $value }}"
{{- end }}
imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}"
{{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }}
readinessProbe:
httpGet:
path: /healthz/ready
port: 15021
initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }}
periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }}
failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }}
{{ end -}}
securityContext:
allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }}
capabilities:
{{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}}
add:
{{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}}
- NET_ADMIN
{{- end }}
{{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}}
- NET_BIND_SERVICE
{{- end }}
{{- end }}
drop:
- ALL
privileged: {{ .Values.global.proxy.privileged }}
readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }}
runAsGroup: 1337
fsGroup: 1337
{{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}}
runAsNonRoot: false
runAsUser: 0
{{- else -}}
runAsNonRoot: true
runAsUser: 1337
{{- end }}
resources:
{{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }}
{{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }}
requests:
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}}
cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}"
{{ end }}
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}}
memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}"
{{ end }}
{{- end }}
{{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }}
limits:
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}}
cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}"
{{ end }}
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}}
memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}"
{{ end }}
{{- end }}
{{- else }}
{{- if .Values.global.proxy.resources }}
{{ toYaml .Values.global.proxy.resources | indent 4 }}
{{- end }}
{{- end }}
volumeMounts:
{{- if eq .Values.global.pilotCertProvider "istiod" }}
- mountPath: /var/run/secrets/istio
name: istiod-ca-cert
{{- end }}
- mountPath: /var/lib/istio/data
name: istio-data
{{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}
- mountPath: /etc/istio/custom-bootstrap
name: custom-bootstrap-volume
{{- end }}
# SDS channel between istioagent and Envoy
- mountPath: /etc/istio/proxy
name: istio-envoy
{{- if eq .Values.global.jwtPolicy "third-party-jwt" }}
- mountPath: /var/run/secrets/tokens
name: istio-token
{{- end }}
{{- if .Values.global.mountMtlsCerts }}
# Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications.
- mountPath: /etc/certs/
name: istio-certs
readOnly: true
{{- end }}
- name: istio-podinfo
mountPath: /etc/istio/pod
{{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }}
- mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }}
name: lightstep-certs
readOnly: true
{{- end }}
{{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }}
{{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }}
- name: "{{ $index }}"
{{ toYaml $value | indent 4 }}
{{ end }}
{{- end }}
volumes:
{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}
- name: custom-bootstrap-volume
configMap:
name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }}
{{- end }}
# SDS channel between istioagent and Envoy
- emptyDir:
medium: Memory
name: istio-envoy
- name: istio-data
emptyDir: {}
- name: istio-podinfo
downwardAPI:
items:
- path: "labels"
fieldRef:
fieldPath: metadata.labels
- path: "annotations"
fieldRef:
fieldPath: metadata.annotations
{{- if eq .Values.global.jwtPolicy "third-party-jwt" }}
- name: istio-token
projected:
sources:
- serviceAccountToken:
path: istio-token
expirationSeconds: 43200
audience: {{ .Values.global.sds.token.aud }}
{{- end }}
{{- if eq .Values.global.pilotCertProvider "istiod" }}
- name: istiod-ca-cert
configMap:
name: istio-ca-root-cert
{{- end }}
{{- if .Values.global.mountMtlsCerts }}
# Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications.
- name: istio-certs
secret:
optional: true
{{ if eq .Spec.ServiceAccountName "" }}
secretName: istio.default
{{ else -}}
secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }}
{{ end -}}
{{- end }}
{{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }}
{{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }}
- name: "{{ $index }}"
{{ toYaml $value | indent 2 }}
{{ end }}
{{ end }}
{{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }}
- name: lightstep-certs
secret:
optional: true
secretName: lightstep.cacert
{{- end }}
{{- if .Values.global.podDNSSearchNamespaces }}
dnsConfig:
searches:
{{- range .Values.global.podDNSSearchNamespaces }}
- {{ render . }}
{{- end }}
{{- end }}
podRedirectAnnot:
{{- if and (.Values.istio_cni.enabled) (not .Values.istio_cni.chained) }}
{{ if isset .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks` }}
k8s.v1.cni.cncf.io/networks: "{{ index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`}}, istio-cni"
{{- else }}
k8s.v1.cni.cncf.io/networks: "istio-cni"
{{- end }}
{{- end }}
sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}"
traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}"
traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}"
traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}"
traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}"
{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }}
traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}"
{{- end }}
traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}"
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: istio-sidecar-injector
labels:
istio.io/rev: default
app: sidecar-injector
release: istio
webhooks:
- name: sidecar-injector.istio.io
clientConfig:
service:
name: istiod
namespace: istio-system
path: "/inject"
caBundle: ""
sideEffects: None
rules:
- operations: [ "CREATE" ]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
failurePolicy: Fail
namespaceSelector:
matchLabels:
istio-injection: enabled
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: istiod
namespace: istio-system
labels:
app: istiod
istio.io/rev: default
release: istio
istio: pilot
spec:
minAvailable: 1
selector:
matchLabels:
app: istiod
istio: pilot
---
apiVersion: v1
kind: Service
metadata:
name: istiod
namespace: istio-system
labels:
istio.io/rev: default
app: istiod
istio: pilot
release: istio
spec:
ports:
- port: 15010
name: grpc-xds # plaintext
- port: 15012
name: https-dns # mTLS with k8s-signed cert
- port: 443
name: https-webhook # validation and injection
targetPort: 15017
- port: 15014
name: http-monitoring # prometheus stats
- name: dns
port: 53
targetPort: 15053
protocol: UDP
- name: dns-tls
port: 853
targetPort: 15053
protocol: TCP
selector:
app: istiod
# Label used by the 'default' service. For versioned deployments we match with app and version.
# This avoids default deployment picking the canary
istio: pilot
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: metadata-exchange-1.4
namespace: istio-system
labels:
istio.io/rev: default
spec:
configPatches:
- applyTo: HTTP_FILTER
match:
context: ANY # inbound, outbound, and gateway
proxy:
proxyVersion: '^1\.4.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.wasm
config:
config:
configuration: envoy.wasm.metadata_exchange
vm_config:
runtime: envoy.wasm.runtime.null
code:
inline_string: envoy.wasm.metadata_exchange
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: stats-filter-1.4
namespace: istio-system
labels:
istio.io/rev: default
spec:
configPatches:
- applyTo: HTTP_FILTER
match:
context: SIDECAR_OUTBOUND
proxy:
proxyVersion: '^1\.4.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.wasm
config:
config:
root_id: stats_outbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio",
}
vm_config:
vm_id: stats_outbound
runtime: envoy.wasm.runtime.null
code:
inline_string: envoy.wasm.stats
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
proxy:
proxyVersion: '^1\.4.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.wasm
config:
config:
root_id: stats_inbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio",
}
vm_config:
vm_id: stats_inbound
runtime: envoy.wasm.runtime.null
code:
inline_string: envoy.wasm.stats
- applyTo: HTTP_FILTER
match:
context: GATEWAY
proxy:
proxyVersion: '^1\.4.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.wasm
config:
config:
root_id: stats_outbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio",
"disable_host_header_fallback": true,
}
vm_config:
vm_id: stats_outbound
runtime: envoy.wasm.runtime.null
code:
inline_string: envoy.wasm.stats
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: metadata-exchange-1.5
namespace: istio-system
labels:
istio.io/rev: default
spec:
configPatches:
- applyTo: HTTP_FILTER
match:
context: ANY # inbound, outbound, and gateway
proxy:
proxyVersion: '^1\.5.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.wasm
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.config.filter.http.wasm.v2.Wasm
value:
config:
configuration: envoy.wasm.metadata_exchange
vm_config:
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: envoy.wasm.metadata_exchange
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: tcp-metadata-exchange-1.5
namespace: istio-system
labels:
istio.io/rev: default
spec:
configPatches:
- applyTo: NETWORK_FILTER
match:
context: SIDECAR_INBOUND
proxy:
proxyVersion: '^1\.5.*'
listener: {}
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.network.metadata_exchange
config:
protocol: istio-peer-exchange
- applyTo: CLUSTER
match:
context: SIDECAR_OUTBOUND
proxy:
proxyVersion: '^1\.5.*'
cluster: {}
patch:
operation: MERGE
value:
filters:
- name: envoy.filters.network.upstream.metadata_exchange
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange
value:
protocol: istio-peer-exchange
- applyTo: CLUSTER
match:
context: GATEWAY
proxy:
proxyVersion: '^1\.5.*'
cluster: {}
patch:
operation: MERGE
value:
filters:
- name: envoy.filters.network.upstream.metadata_exchange
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange
value:
protocol: istio-peer-exchange
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: stats-filter-1.5
namespace: istio-system
labels:
istio.io/rev: default
spec:
configPatches:
- applyTo: HTTP_FILTER
match:
context: SIDECAR_OUTBOUND
proxy:
proxyVersion: '^1\.5.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.wasm
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.config.filter.http.wasm.v2.Wasm
value:
config:
root_id: stats_outbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio",
}
vm_config:
vm_id: stats_outbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: envoy.wasm.stats
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
proxy:
proxyVersion: '^1\.5.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.wasm
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.config.filter.http.wasm.v2.Wasm
value:
config:
root_id: stats_inbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio",
}
vm_config:
vm_id: stats_inbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: envoy.wasm.stats
- applyTo: HTTP_FILTER
match:
context: GATEWAY
proxy:
proxyVersion: '^1\.5.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.wasm
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.config.filter.http.wasm.v2.Wasm
value:
config:
root_id: stats_outbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio",
"disable_host_header_fallback": true,
}
vm_config:
vm_id: stats_outbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: envoy.wasm.stats
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: tcp-stats-filter-1.5
namespace: istio-system
labels:
istio.io/rev: default
spec:
configPatches:
- applyTo: NETWORK_FILTER
match:
context: SIDECAR_INBOUND
proxy:
proxyVersion: '^1\.5.*'
listener:
filterChain:
filter:
name: "envoy.tcp_proxy"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.network.wasm
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.config.filter.network.wasm.v2.Wasm
value:
config:
root_id: stats_inbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio",
}
vm_config:
vm_id: tcp_stats_inbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: "envoy.wasm.stats"
- applyTo: NETWORK_FILTER
match:
context: SIDECAR_OUTBOUND
proxy:
proxyVersion: '^1\.5.*'
listener:
filterChain:
filter:
name: "envoy.tcp_proxy"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.network.wasm
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.config.filter.network.wasm.v2.Wasm
value:
config:
root_id: stats_outbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio",
}
vm_config:
vm_id: tcp_stats_outbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: "envoy.wasm.stats"
- applyTo: NETWORK_FILTER
match:
context: GATEWAY
proxy:
proxyVersion: '^1\.5.*'
listener:
filterChain:
filter:
name: "envoy.tcp_proxy"
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.network.wasm
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.config.filter.network.wasm.v2.Wasm
value:
config:
root_id: stats_outbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio",
}
vm_config:
vm_id: tcp_stats_outbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: "envoy.wasm.stats"
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: metadata-exchange-1.6
namespace: istio-system
labels:
istio.io/rev: default
spec:
configPatches:
- applyTo: HTTP_FILTER
match:
context: ANY # inbound, outbound, and gateway
proxy:
proxyVersion: '^1\.6.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
patch:
operation: INSERT_BEFORE
value:
name: istio.metadata_exchange
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
value:
config:
configuration: |
{}
vm_config:
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: envoy.wasm.metadata_exchange
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: tcp-metadata-exchange-1.6
namespace: istio-system
labels:
istio.io/rev: default
spec:
configPatches:
- applyTo: NETWORK_FILTER
match:
context: SIDECAR_INBOUND
proxy:
proxyVersion: '^1\.6.*'
listener: {}
patch:
operation: INSERT_BEFORE
value:
name: istio.metadata_exchange
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange
value:
protocol: istio-peer-exchange
- applyTo: CLUSTER
match:
context: SIDECAR_OUTBOUND
proxy:
proxyVersion: '^1\.6.*'
cluster: {}
patch:
operation: MERGE
value:
filters:
- name: istio.metadata_exchange
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange
value:
protocol: istio-peer-exchange
- applyTo: CLUSTER
match:
context: GATEWAY
proxy:
proxyVersion: '^1\.6.*'
cluster: {}
patch:
operation: MERGE
value:
filters:
- name: istio.metadata_exchange
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange
value:
protocol: istio-peer-exchange
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: stats-filter-1.6
namespace: istio-system
labels:
istio.io/rev: default
spec:
configPatches:
- applyTo: HTTP_FILTER
match:
context: SIDECAR_OUTBOUND
proxy:
proxyVersion: '^1\.6.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: istio.stats
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
value:
config:
root_id: stats_outbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio"
}
vm_config:
vm_id: stats_outbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: envoy.wasm.stats
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
proxy:
proxyVersion: '^1\.6.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: istio.stats
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
value:
config:
root_id: stats_inbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio"
}
vm_config:
vm_id: stats_inbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: envoy.wasm.stats
- applyTo: HTTP_FILTER
match:
context: GATEWAY
proxy:
proxyVersion: '^1\.6.*'
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: istio.stats
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
value:
config:
root_id: stats_outbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio",
"disable_host_header_fallback": true
}
vm_config:
vm_id: stats_outbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: envoy.wasm.stats
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: tcp-stats-filter-1.6
namespace: istio-system
labels:
istio.io/rev: default
spec:
configPatches:
- applyTo: NETWORK_FILTER
match:
context: SIDECAR_INBOUND
proxy:
proxyVersion: '^1\.6.*'
listener:
filterChain:
filter:
name: "envoy.tcp_proxy"
patch:
operation: INSERT_BEFORE
value:
name: istio.stats
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm
value:
config:
root_id: stats_inbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio"
}
vm_config:
vm_id: tcp_stats_inbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: "envoy.wasm.stats"
- applyTo: NETWORK_FILTER
match:
context: SIDECAR_OUTBOUND
proxy:
proxyVersion: '^1\.6.*'
listener:
filterChain:
filter:
name: "envoy.tcp_proxy"
patch:
operation: INSERT_BEFORE
value:
name: istio.stats
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm
value:
config:
root_id: stats_outbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio"
}
vm_config:
vm_id: tcp_stats_outbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: "envoy.wasm.stats"
- applyTo: NETWORK_FILTER
match:
context: GATEWAY
proxy:
proxyVersion: '^1\.6.*'
listener:
filterChain:
filter:
name: "envoy.tcp_proxy"
patch:
operation: INSERT_BEFORE
value:
name: istio.stats
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm
value:
config:
root_id: stats_outbound
configuration: |
{
"debug": "false",
"stat_prefix": "istio"
}
vm_config:
vm_id: tcp_stats_outbound
runtime: envoy.wasm.runtime.null
code:
local:
inline_string: "envoy.wasm.stats"
---
# Policy component is disabled.
# Telemetry component is disabled.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment