platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity
Files
d5e0da1692693931b3892bef0a976fe2d3f8d558
manifests/values/cilium/cilium-manifests/dashboards/cilium-policy-verdicts.yaml
T

1117 lines
35 KiB
YAML
Raw Blame History

{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: prom-cilium-policy-verdicts-dashboard
namespace: prometheus
labels:
grafana_dashboard: "1"
data:
cilium-policy-verdicts.json: |-
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 18015,
"graphTooltip": 1,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"fixedColor": "green",
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 100,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 0,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "all"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "l3-only"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "orange",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "l3-l4"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "none"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byRegexp",
"options": "l7/.*"
},
"properties": [
{
"id": "color",
"value": {
"mode": "continuous-BlPu"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": false,
"expr": "sum by (match) (rate(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\", source_namespace=~\"$other_namespace|\", source=~\"$other_workload\", action=~\"$action\"}[$__rate_interval])) * 60",
"instant": false,
"legendFormat": "{{`{{match}}`}}",
"range": true,
"refId": "A"
}
],
"title": "Ingress Policy Verdict Rate per Minute by Match Type",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 100,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 0,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "all"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "l3-only"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "orange",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "l3-l4"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "none"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byRegexp",
"options": "l7/.*"
},
"properties": [
{
"id": "color",
"value": {
"mode": "continuous-BlPu"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 0
},
"id": 8,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "9.0.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": false,
"expr": "sum by (match) (rate(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\", destination_namespace=~\"$other_namespace|\", destination=~\"$other_workload\", action=~\"$action\"}[$__rate_interval])) * 60",
"instant": false,
"legendFormat": "{{`{{match}}`}}",
"range": true,
"refId": "A"
}
],
"title": "Egress Policy Verdict Rate per Minute by Match Type",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"fixedColor": "green",
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 100,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 0,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "redirected"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "forwarded"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "dropped"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "audit"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-orange",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 9
},
"id": 9,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": false,
"expr": "sum by (action) (rate(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\", source_namespace=~\"$other_namespace|\", source=~\"$other_workload\", action=~\"$action\"}[$__rate_interval])) * 60",
"instant": false,
"legendFormat": "{{`{{action}}`}}",
"range": true,
"refId": "A"
}
],
"title": "Ingress Policy Verdict Rate per Minute by Action",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 100,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 0,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "redirected"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "forwarded"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "dropped"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "audit"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-orange",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 9
},
"id": 10,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "9.0.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": false,
"expr": "sum by (action) (rate(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\", destination_namespace=~\"$other_namespace|\", destination=~\"$other_workload\", action=~\"$action\"}[$__rate_interval])) * 60",
"instant": false,
"legendFormat": "{{`{{action}}`}}",
"range": true,
"refId": "A"
}
],
"title": "Egress Policy Verdict Rate per Minute by Action",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"links": [
{
"targetBlank": true,
"title": "live view in hubble",
"url": "https://hubble.{{.Values.clusterConfig.domain}}/?namespace=${__data.fields[\"destination namespace\"]}"
}
],
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 11,
"w": 12,
"x": 0,
"y": 18
},
"id": 6,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"enablePagination": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Value"
}
]
},
"pluginVersion": "11.2.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": false,
"expr": "sum by (source_namespace, source, destination_namespace, destination, match, action) (increase(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\", source_namespace=~\"$other_namespace|\", source=~\"$other_workload\", action=~\"$action\"}[$__range])) > 0",
"format": "table",
"instant": true,
"legendFormat": "source: {{`{{source_namespace}}`}}/{{`{{source}}`}} destination: {{`{{destination_namespace}}`}}/{{`{{destination}}`}} match: {{`{{match}}`}} action: {{`{{action}}`}}",
"range": false,
"refId": "A"
}
],
"title": "Current Ingress Policy Verdict Rate Per Minute",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"Time": true,
"container": true,
"destination": false,
"direction": true,
"endpoint": true,
"instance": true,
"job": true,
"namespace": true,
"node": true,
"pod": true,
"service": true
},
"indexByName": {
"Time": 0,
"Value": 7,
"action": 6,
"destination": 4,
"destination_namespace": 3,
"match": 5,
"source": 2,
"source_namespace": 1
},
"renameByName": {
"destination_namespace": "destination namespace",
"source_namespace": "source namespace"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"links": [
{
"targetBlank": true,
"title": "show live view in hubble",
"url": "https://hubble.{{.Values.clusterConfig.domain}}/?namespace=${__data.fields[\"source namespace\"]}"
}
],
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 11,
"w": 12,
"x": 12,
"y": 18
},
"id": 7,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"enablePagination": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Value"
}
]
},
"pluginVersion": "11.2.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"exemplar": false,
"expr": "sum by (destination_namespace, destination, source_namespace, source, match, action) (increase(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\", destination_namespace=~\"$other_namespace|\", destination=~\"$other_workload\", action=~\"$action\"}[$__range])) > 0",
"format": "table",
"instant": true,
"legendFormat": "destination: {{`{{destination_namespace}}`}}/{{`{{destination}}`}} source: {{`{{source_namespace}}`}}/{{`{{source}}`}} match: {{`{{match}}`}} action: {{`{{action}}`}}",
"range": false,
"refId": "A"
}
],
"title": "Current Egress Policy Verdict Rate Per Minute",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"Time": true,
"container": true,
"destination": false,
"direction": true,
"endpoint": true,
"instance": true,
"job": true,
"namespace": true,
"node": true,
"pod": true,
"service": true,
"source": false
},
"indexByName": {
"Time": 0,
"Value": 7,
"action": 6,
"destination": 2,
"destination_namespace": 1,
"match": 5,
"source": 4,
"source_namespace": 3
},
"renameByName": {
"Time": "",
"destination_namespace": "destination namespace",
"source_namespace": "source namespace"
}
}
}
],
"type": "table"
}
],
"refresh": "30s",
"schemaVersion": 39,
"tags": [],
"templating": {
"list": [
{
"current": {
"selected": true,
"text": [
"All"
],
"value": [
"$__all"
]
},
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"definition": "query_result(hubble_policy_verdicts_total)",
"description": "The Kubernetes namespace the Network Policies apply to",
"hide": 0,
"includeAll": true,
"multi": true,
"name": "namespace",
"options": [],
"query": {
"query": "query_result(hubble_policy_verdicts_total)",
"refId": "StandardVariableQuery"
},
"refresh": 2,
"regex": "/.*namespace=\"([^\"]+)\".*/",
"skipUrlSync": false,
"sort": 1,
"type": "query"
},
{
"current": {
"selected": true,
"text": [
"All"
],
"value": [
"$__all"
]
},
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"definition": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"destination\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"source\", \"(.+)\"))",
"description": "The Kubernetes workload the Network Policies apply to",
"hide": 0,
"includeAll": true,
"multi": true,
"name": "workload",
"options": [],
"query": {
"query": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"destination\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"source\", \"(.+)\"))",
"refId": "StandardVariableQuery"
},
"refresh": 2,
"regex": "/.*workload=\"([^\"]+)\".*/",
"skipUrlSync": false,
"sort": 1,
"type": "query"
},
{
"current": {
"selected": true,
"text": [
"All"
],
"value": [
"$__all"
]
},
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"definition": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\"}, \"other_namespace\", \"$1\", \"source_namespace\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\"}, \"other_namespace\", \"$1\", \"destination_namespace\", \"(.+)\"))",
"description": "The non-targeted Kubernetes namespace (source for Ingress, destination for Egress)",
"hide": 0,
"includeAll": true,
"label": "other namespace",
"multi": true,
"name": "other_namespace",
"options": [],
"query": {
"query": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\"}, \"other_namespace\", \"$1\", \"source_namespace\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\"}, \"other_namespace\", \"$1\", \"destination_namespace\", \"(.+)\"))",
"refId": "StandardVariableQuery"
},
"refresh": 2,
"regex": "/.*other_namespace=\"([^\"]+)\".*/",
"skipUrlSync": false,
"sort": 1,
"type": "query"
},
{
"current": {
"selected": true,
"text": [
"All"
],
"value": [
"$__all"
]
},
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"definition": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\", source_namespace=~\"$other_namespace|\"}, \"workload\", \"$1\", \"source\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\", destination_namespace=~\"$other_namespace|\"}, \"workload\", \"$1\", \"destination\", \"(.+)\"))",
"description": "The non-targeted Kubernetes workload (source for Ingress, destination for Egress)",
"hide": 0,
"includeAll": true,
"label": "other workload",
"multi": true,
"name": "other_workload",
"options": [],
"query": {
"query": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\", destination=~\"$workload\", source_namespace=~\"$other_namespace|\"}, \"workload\", \"$1\", \"source\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\", source=~\"$workload\", destination_namespace=~\"$other_namespace|\"}, \"workload\", \"$1\", \"destination\", \"(.+)\"))",
"refId": "StandardVariableQuery"
},
"refresh": 2,
"regex": "/.*workload=\"([^\"]+)\".*/",
"skipUrlSync": false,
"sort": 1,
"type": "query"
},
{
"current": {
"selected": true,
"text": [
"All"
],
"value": [
"$__all"
]
},
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"definition": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"destination\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"source\", \"(.+)\"))",
"description": "Action",
"hide": 0,
"includeAll": true,
"multi": true,
"name": "action",
"options": [],
"query": {
"query": "query_result(label_replace(hubble_policy_verdicts_total{direction=\"ingress\", destination_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"destination\", \"(.+)\") OR label_replace(hubble_policy_verdicts_total{direction=\"egress\", source_namespace=~\"$namespace\"}, \"workload\", \"$1\", \"source\", \"(.+)\"))",
"refId": "StandardVariableQuery"
},
"refresh": 2,
"regex": "/.*action=\"([^\"]+)\".*/",
"skipUrlSync": false,
"sort": 1,
"type": "query"
}
]
},
"time": {
"from": "now-30m",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Cilium Policy Verdicts",
"uid": "nLIA2E37k",
"version": 1,
"weekStart": ""
}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink