{{- if .Values.clusterConfig.cilium.enabled }} apiVersion: v1 kind: ConfigMap metadata: name: prom-cilium-policy-verdicts-dashboard namespace: prometheus labels: grafana_dashboard: "1" data: cilium-policy-verdicts.json: |- { "annotations": { "list": [ { "builtIn": 1, "datasource": { "type": "grafana", "uid": "-- Grafana --" }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "target": { "limit": 100, "matchAny": false, "tags": [], "type": "dashboard" }, "type": "dashboard" } ] }, "editable": true, "fiscalYearStartMonth": 0, "gnetId": 18015, "graphTooltip": 1, "links": [], "liveNow": false, "panels": [ { "datasource": { "type": "prometheus", "uid": "prometheus" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "green", "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 100, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 0, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": false, "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "min": 0, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "all" }, "properties": [ { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "l3-only" }, "properties": [ { "id": "color", "value": { "fixedColor": "orange", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "l3-l4" }, "properties": [ { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "none" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byRegexp", "options": "l7/.*" }, "properties": [ { "id": "color", "value": { "mode": "continuous-BlPu" } } ] } ] }, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 0 }, "id": 2, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "prometheus" }, "editorMode": "code", "exemplar": false, "expr": "sum by (match) (rate(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\", source_namespace=~\"$other_namespace|\", source=~\"$other_workload\", action=~\"$action\"}[$__rate_interval])) * 60", "instant": false, "legendFormat": "{{`{{match}}`}}", "range": true, "refId": "A" } ], "title": "Ingress Policy Verdict Rate per Minute by Match Type", "type": "timeseries" }, { "datasource": { "type": "prometheus", "uid": "prometheus" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 100, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 0, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": false, "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "all" }, "properties": [ { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "l3-only" }, "properties": [ { "id": "color", "value": { "fixedColor": "orange", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "l3-l4" }, "properties": [ { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "none" }, "properties": [ { "id": "color", "value": { "fixedColor": "red", "mode": "fixed" } } ] }, { "matcher": { "id": "byRegexp", "options": "l7/.*" }, "properties": [ { "id": "color", "value": { "mode": "continuous-BlPu" } } ] } ] }, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 0 }, "id": 8, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "mode": "single", "sort": "none" } }, "pluginVersion": "9.0.1", "targets": [ { "datasource": { "type": "prometheus", "uid": "prometheus" }, "editorMode": "code", "exemplar": false, "expr": "sum by (match) (rate(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\", destination_namespace=~\"$other_namespace|\", destination=~\"$other_workload\", action=~\"$action\"}[$__rate_interval])) * 60", "instant": false, "legendFormat": "{{`{{match}}`}}", "range": true, "refId": "A" } ], "title": "Egress Policy Verdict Rate per Minute by Match Type", "type": "timeseries" }, { "datasource": { "type": "prometheus", "uid": "prometheus" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "green", "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 100, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 0, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": false, "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "min": 0, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "redirected" }, "properties": [ { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "forwarded" }, "properties": [ { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "dropped" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "audit" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-orange", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 9 }, "id": 9, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "prometheus" }, "editorMode": "code", "exemplar": false, "expr": "sum by (action) (rate(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\", source_namespace=~\"$other_namespace|\", source=~\"$other_workload\", action=~\"$action\"}[$__rate_interval])) * 60", "instant": false, "legendFormat": "{{`{{action}}`}}", "range": true, "refId": "A" } ], "title": "Ingress Policy Verdict Rate per Minute by Action", "type": "timeseries" }, { "datasource": { "type": "prometheus", "uid": "prometheus" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 100, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 0, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": false, "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "redirected" }, "properties": [ { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "forwarded" }, "properties": [ { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "dropped" }, "properties": [ { "id": "color", "value": { "fixedColor": "red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "audit" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-orange", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 9 }, "id": 10, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "mode": "single", "sort": "none" } }, "pluginVersion": "9.0.1", "targets": [ { "datasource": { "type": "prometheus", "uid": "prometheus" }, "editorMode": "code", "exemplar": false, "expr": "sum by (action) (rate(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\", destination_namespace=~\"$other_namespace|\", destination=~\"$other_workload\", action=~\"$action\"}[$__rate_interval])) * 60", "instant": false, "legendFormat": "{{`{{action}}`}}", "range": true, "refId": "A" } ], "title": "Egress Policy Verdict Rate per Minute by Action", "type": "timeseries" }, { "datasource": { "type": "prometheus", "uid": "prometheus" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "inspect": false }, "links": [ { "targetBlank": true, "title": "live view in hubble", "url": "https://hubble.{{.Values.clusterConfig.domain}}/?namespace=${__data.fields[\"destination namespace\"]}" } ], "mappings": [], "min": 0, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 11, "w": 12, "x": 0, "y": 18 }, "id": 6, "options": { "cellHeight": "sm", "footer": { "countRows": false, "enablePagination": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Value" } ] }, "pluginVersion": "11.2.0", "targets": [ { "datasource": { "type": "prometheus", "uid": "prometheus" }, "editorMode": "code", "exemplar": false, "expr": "sum by (source_namespace, source, destination_namespace, destination, match, action) (increase(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\", source_namespace=~\"$other_namespace|\", source=~\"$other_workload\", action=~\"$action\"}[$__range])) > 0", "format": "table", "instant": true, "legendFormat": "source: {{`{{source_namespace}}`}}/{{`{{source}}`}} destination: {{`{{destination_namespace}}`}}/{{`{{destination}}`}} match: {{`{{match}}`}} action: {{`{{action}}`}}", "range": false, "refId": "A" } ], "title": "Current Ingress Policy Verdict Rate Per Minute", "transformations": [ { "id": "organize", "options": { "excludeByName": { "Time": true, "container": true, "destination": false, "direction": true, "endpoint": true, "instance": true, "job": true, "namespace": true, "node": true, "pod": true, "service": true }, "indexByName": { "Time": 0, "Value": 7, "action": 6, "destination": 4, "destination_namespace": 3, "match": 5, "source": 2, "source_namespace": 1 }, "renameByName": { "destination_namespace": "destination namespace", "source_namespace": "source namespace" } } } ], "type": "table" }, { "datasource": { "type": "prometheus", "uid": "prometheus" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "inspect": false }, "links": [ { "targetBlank": true, "title": "show live view in hubble", "url": "https://hubble.{{.Values.clusterConfig.domain}}/?namespace=${__data.fields[\"source namespace\"]}" } ], "mappings": [], "min": 0, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 11, "w": 12, "x": 12, "y": 18 }, "id": 7, "options": { "cellHeight": "sm", "footer": { "countRows": false, "enablePagination": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Value" } ] }, "pluginVersion": "11.2.0", "targets": [ { "datasource": { "type": "prometheus", "uid": "prometheus" }, "editorMode": "code", "exemplar": false, "expr": "sum by (destination_namespace, destination, source_namespace, source, match, action) (increase(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\", destination_namespace=~\"$other_namespace|\", destination=~\"$other_workload\", action=~\"$action\"}[$__range])) > 0", "format": "table", "instant": true, "legendFormat": "destination: {{`{{destination_namespace}}`}}/{{`{{destination}}`}} source: {{`{{source_namespace}}`}}/{{`{{source}}`}} match: {{`{{match}}`}} action: {{`{{action}}`}}", "range": false, "refId": "A" } ], "title": "Current Egress Policy Verdict Rate Per Minute", "transformations": [ { "id": "organize", "options": { "excludeByName": { "Time": true, "container": true, "destination": false, "direction": true, "endpoint": true, "instance": true, "job": true, "namespace": true, "node": true, "pod": true, "service": true, "source": false }, "indexByName": { "Time": 0, "Value": 7, "action": 6, "destination": 2, "destination_namespace": 1, "match": 5, "source": 4, "source_namespace": 3 }, "renameByName": { "Time": "", "destination_namespace": "destination namespace", "source_namespace": "source namespace" } } } ], "type": "table" } ], "refresh": "30s", "schemaVersion": 39, "tags": [], "templating": { "list": [ { "current": { "selected": true, "text": [ "All" ], "value": [ "$__all" ] }, "datasource": { "type": "prometheus", "uid": "prometheus" }, "definition": "query_result(hubble_policy_verdicts_total)", "description": "The Kubernetes namespace the Network Policies apply to", "hide": 0, "includeAll": true, "multi": true, "name": "namespace", "options": [], "query": { "query": "query_result(hubble_policy_verdicts_total)", "refId": "StandardVariableQuery" }, "refresh": 2, "regex": "/.*namespace=\"([^\"]+)\".*/", "skipUrlSync": false, "sort": 1, "type": "query" }, { "current": { "selected": true, "text": [ "All" ], "value": [ "$__all" ] }, "datasource": { "type": "prometheus", "uid": "prometheus" }, "definition": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"destination\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"source\", \"(.+)\"))", "description": "The Kubernetes workload the Network Policies apply to", "hide": 0, "includeAll": true, "multi": true, "name": "workload", "options": [], "query": { "query": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"destination\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"source\", \"(.+)\"))", "refId": "StandardVariableQuery" }, "refresh": 2, "regex": "/.*workload=\"([^\"]+)\".*/", "skipUrlSync": false, "sort": 1, "type": "query" }, { "current": { "selected": true, "text": [ "All" ], "value": [ "$__all" ] }, "datasource": { "type": "prometheus", "uid": "prometheus" }, "definition": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\"}, \"other_namespace\", \"$1\", \"source_namespace\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\"}, \"other_namespace\", \"$1\", \"destination_namespace\", \"(.+)\"))", "description": "The non-targeted Kubernetes namespace (source for Ingress, destination for Egress)", "hide": 0, "includeAll": true, "label": "other namespace", "multi": true, "name": "other_namespace", "options": [], "query": { "query": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\"}, \"other_namespace\", \"$1\", \"source_namespace\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\"}, \"other_namespace\", \"$1\", \"destination_namespace\", \"(.+)\"))", "refId": "StandardVariableQuery" }, "refresh": 2, "regex": "/.*other_namespace=\"([^\"]+)\".*/", "skipUrlSync": false, "sort": 1, "type": "query" }, { "current": { "selected": true, "text": [ "All" ], "value": [ "$__all" ] }, "datasource": { "type": "prometheus", "uid": "prometheus" }, "definition": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\", source_namespace=~\"$other_namespace|\"}, \"workload\", \"$1\", \"source\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\", destination_namespace=~\"$other_namespace|\"}, \"workload\", \"$1\", \"destination\", \"(.+)\"))", "description": "The non-targeted Kubernetes workload (source for Ingress, destination for Egress)", "hide": 0, "includeAll": true, "label": "other workload", "multi": true, "name": "other_workload", "options": [], "query": { "query": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\", source_namespace=~\"$other_namespace|\"}, \"workload\", \"$1\", \"source\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\", destination_namespace=~\"$other_namespace|\"}, \"workload\", \"$1\", \"destination\", \"(.+)\"))", "refId": "StandardVariableQuery" }, "refresh": 2, "regex": "/.*workload=\"([^\"]+)\".*/", "skipUrlSync": false, "sort": 1, "type": "query" }, { "current": { "selected": true, "text": [ "All" ], "value": [ "$__all" ] }, "datasource": { "type": "prometheus", "uid": "prometheus" }, "definition": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"destination\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"source\", \"(.+)\"))", "description": "Action", "hide": 0, "includeAll": true, "multi": true, "name": "action", "options": [], "query": { "query": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"destination\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"source\", \"(.+)\"))", "refId": "StandardVariableQuery" }, "refresh": 2, "regex": "/.*action=\"([^\"]+)\".*/", "skipUrlSync": false, "sort": 1, "type": "query" } ] }, "time": { "from": "now-30m", "to": "now" }, "timepicker": {}, "timezone": "", "title": "Cilium Policy Verdicts", "uid": "nLIA2E37k", "version": 1, "weekStart": "" } {{- end }}