@danehans
Last active May 18, 2018 20:28
istio_mixer_details
$ kubectl get cm/istio-mixer-custom-resources -n $NS -o yaml
apiVersion: v1
data:
custom-resources.yaml: |-
apiVersion: "config.istio.io/v1alpha2"
kind: attributemanifest
metadata:
name: istioproxy
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
attributes:
origin.ip:
valueType: IP_ADDRESS
origin.uid:
valueType: STRING
origin.user:
valueType: STRING
request.headers:
valueType: STRING_MAP
request.id:
valueType: STRING
request.host:
valueType: STRING
request.method:
valueType: STRING
request.path:
valueType: STRING
request.reason:
valueType: STRING
request.referer:
valueType: STRING
request.scheme:
valueType: STRING
request.size:
valueType: INT64
request.time:
valueType: TIMESTAMP
request.useragent:
valueType: STRING
response.code:
valueType: INT64
response.duration:
valueType: DURATION
response.headers:
valueType: STRING_MAP
response.size:
valueType: INT64
response.time:
valueType: TIMESTAMP
source.uid:
valueType: STRING
source.user:
valueType: STRING
destination.uid:
valueType: STRING
connection.id:
valueType: STRING
connection.received.bytes:
valueType: INT64
connection.received.bytes_total:
valueType: INT64
connection.sent.bytes:
valueType: INT64
connection.sent.bytes_total:
valueType: INT64
connection.duration:
valueType: DURATION
connection.mtls:
valueType: BOOL
context.protocol:
valueType: STRING
context.timestamp:
valueType: TIMESTAMP
context.time:
valueType: TIMESTAMP
api.service:
valueType: STRING
api.version:
valueType: STRING
api.operation:
valueType: STRING
api.protocol:
valueType: STRING
request.auth.principal:
valueType: STRING
request.auth.audiences:
valueType: STRING
request.auth.presenter:
valueType: STRING
request.api_key:
valueType: STRING
---
apiVersion: "config.istio.io/v1alpha2"
kind: attributemanifest
metadata:
name: kubernetes
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
attributes:
source.ip:
valueType: IP_ADDRESS
source.labels:
valueType: STRING_MAP
source.name:
valueType: STRING
source.namespace:
valueType: STRING
source.service:
valueType: STRING
source.serviceAccount:
valueType: STRING
destination.ip:
valueType: IP_ADDRESS
destination.labels:
valueType: STRING_MAP
destination.name:
valueType: STRING
destination.namespace:
valueType: STRING
destination.service:
valueType: STRING
destination.serviceAccount:
valueType: STRING
---
apiVersion: "config.istio.io/v1alpha2"
kind: stdio
metadata:
name: handler
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
outputAsJson: true
---
apiVersion: "config.istio.io/v1alpha2"
kind: logentry
metadata:
name: accesslog
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
severity: '"Default"'
timestamp: request.time
variables:
sourceIp: source.ip | ip("0.0.0.0")
destinationIp: destination.ip | ip("0.0.0.0")
sourceUser: source.user | ""
method: request.method | ""
url: request.path | ""
protocol: request.scheme | "http"
responseCode: response.code | 0
responseSize: response.size | 0
requestSize: request.size | 0
latency: response.duration | "0ms"
connectionMtls: connection.mtls | false
monitored_resource_type: '"UNSPECIFIED"'
---
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
name: stdio
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
match: "true" # If omitted match is true.
actions:
- handler: handler.stdio
instances:
- accesslog.logentry
---
apiVersion: "config.istio.io/v1alpha2"
kind: metric
metadata:
name: requestcount
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
value: "1"
dimensions:
source_service: source.service | "unknown"
source_version: source.labels["version"] | "unknown"
destination_service: destination.service | "unknown"
destination_version: destination.labels["version"] | "unknown"
response_code: response.code | 200
connection_mtls: connection.mtls | false
monitored_resource_type: '"UNSPECIFIED"'
---
apiVersion: "config.istio.io/v1alpha2"
kind: metric
metadata:
name: requestduration
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
value: response.duration | "0ms"
dimensions:
source_service: source.service | "unknown"
source_version: source.labels["version"] | "unknown"
destination_service: destination.service | "unknown"
destination_version: destination.labels["version"] | "unknown"
response_code: response.code | 200
connection_mtls: connection.mtls | false
monitored_resource_type: '"UNSPECIFIED"'
---
apiVersion: "config.istio.io/v1alpha2"
kind: metric
metadata:
name: requestsize
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
value: request.size | 0
dimensions:
source_service: source.service | "unknown"
source_version: source.labels["version"] | "unknown"
destination_service: destination.service | "unknown"
destination_version: destination.labels["version"] | "unknown"
response_code: response.code | 200
connection_mtls: connection.mtls | false
monitored_resource_type: '"UNSPECIFIED"'
---
apiVersion: "config.istio.io/v1alpha2"
kind: metric
metadata:
name: responsesize
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
value: response.size | 0
dimensions:
source_service: source.service | "unknown"
source_version: source.labels["version"] | "unknown"
destination_service: destination.service | "unknown"
destination_version: destination.labels["version"] | "unknown"
response_code: response.code | 200
connection_mtls: connection.mtls | false
monitored_resource_type: '"UNSPECIFIED"'
---
apiVersion: "config.istio.io/v1alpha2"
kind: metric
metadata:
name: tcpbytesent
namespace: simple-auth-test-735b86b2602c47f7b428
labels:
istio-protocol: tcp # needed so that mixer will only generate when context.protocol == tcp
spec:
value: connection.sent.bytes | 0
dimensions:
source_service: source.service | "unknown"
source_version: source.labels["version"] | "unknown"
destination_service: destination.service | "unknown"
destination_version: destination.labels["version"] | "unknown"
connection_mtls: connection.mtls | false
monitored_resource_type: '"UNSPECIFIED"'
---
apiVersion: "config.istio.io/v1alpha2"
kind: metric
metadata:
name: tcpbytereceived
namespace: simple-auth-test-735b86b2602c47f7b428
labels:
istio-protocol: tcp # needed so that mixer will only generate when context.protocol == tcp
spec:
value: connection.received.bytes | 0
dimensions:
source_service: source.service | "unknown"
source_version: source.labels["version"] | "unknown"
destination_service: destination.service | "unknown"
destination_version: destination.labels["version"] | "unknown"
connection_mtls: connection.mtls | false
monitored_resource_type: '"UNSPECIFIED"'
---
apiVersion: "config.istio.io/v1alpha2"
kind: prometheus
metadata:
name: handler
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
metrics:
- name: request_count
instance_name: requestcount.metric.simple-auth-test-735b86b2602c47f7b428
kind: COUNTER
label_names:
- source_service
- source_version
- destination_service
- destination_version
- response_code
- connection_mtls
- name: request_duration
instance_name: requestduration.metric.simple-auth-test-735b86b2602c47f7b428
kind: DISTRIBUTION
label_names:
- source_service
- source_version
- destination_service
- destination_version
- response_code
- connection_mtls
buckets:
explicit_buckets:
bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]
- name: request_size
instance_name: requestsize.metric.simple-auth-test-735b86b2602c47f7b428
kind: DISTRIBUTION
label_names:
- source_service
- source_version
- destination_service
- destination_version
- response_code
- connection_mtls
buckets:
exponentialBuckets:
numFiniteBuckets: 8
scale: 1
growthFactor: 10
- name: response_size
instance_name: responsesize.metric.simple-auth-test-735b86b2602c47f7b428
kind: DISTRIBUTION
label_names:
- source_service
- source_version
- destination_service
- destination_version
- response_code
- connection_mtls
buckets:
exponentialBuckets:
numFiniteBuckets: 8
scale: 1
growthFactor: 10
- name: tcp_bytes_sent
instance_name: tcpbytesent.metric.simple-auth-test-735b86b2602c47f7b428
kind: COUNTER
label_names:
- source_service
- source_version
- destination_service
- destination_version
- connection_mtls
- name: tcp_bytes_received
instance_name: tcpbytereceived.metric.simple-auth-test-735b86b2602c47f7b428
kind: COUNTER
label_names:
- source_service
- source_version
- destination_service
- destination_version
- connection_mtls
---
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
name: promhttp
namespace: simple-auth-test-735b86b2602c47f7b428
labels:
istio-protocol: http
spec:
actions:
- handler: handler.prometheus
instances:
- requestcount.metric
- requestduration.metric
- requestsize.metric
- responsesize.metric
---
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
name: promtcp
namespace: simple-auth-test-735b86b2602c47f7b428
labels:
istio-protocol: tcp # needed so that mixer will only execute when context.protocol == TCP
spec:
actions:
- handler: handler.prometheus
instances:
- tcpbytesent.metric
- tcpbytereceived.metric
---
apiVersion: "config.istio.io/v1alpha2"
kind: kubernetesenv
metadata:
name: handler
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
# when running from mixer root, use the following config after adding a
# symbolic link to a kubernetes config file via:
#
# $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig
#
# kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig"
---
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
name: kubeattrgenrulerule
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
actions:
- handler: handler.kubernetesenv
instances:
- attributes.kubernetes
---
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
name: tcpkubeattrgenrulerule
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
match: context.protocol == "tcp"
actions:
- handler: handler.kubernetesenv
instances:
- attributes.kubernetes
---
apiVersion: "config.istio.io/v1alpha2"
kind: kubernetes
metadata:
name: attributes
namespace: simple-auth-test-735b86b2602c47f7b428
spec:
# Pass the required attribute data to the adapter
source_uid: source.uid | ""
source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr
destination_uid: destination.uid | ""
origin_uid: '""'
origin_ip: ip("0.0.0.0") # default to unspecified ip addr
attribute_bindings:
# Fill the new attributes from the adapter produced output.
# $out refers to an instance of OutputTemplate message
source.ip: $out.source_pod_ip | ip("0.0.0.0")
source.labels: $out.source_labels | emptyStringMap()
source.namespace: $out.source_namespace | "default"
source.service: $out.source_service | "unknown"
source.serviceAccount: $out.source_service_account_name | "unknown"
destination.ip: $out.destination_pod_ip | ip("0.0.0.0")
destination.labels: $out.destination_labels | emptyStringMap()
destination.namespace: $out.destination_namespace | "default"
destination.service: $out.destination_service | "unknown"
destination.serviceAccount: $out.destination_service_account_name | "unknown"
---
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"custom-resources.yaml":"apiVersion: \"config.istio.io/v1alpha2\"\nkind: attributemanifest\nmetadata:\n name: istioproxy\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n attributes:\n origin.ip:\n valueType: IP_ADDRESS\n origin.uid:\n valueType: STRING\n origin.user:\n valueType: STRING\n request.headers:\n valueType: STRING_MAP\n request.id:\n valueType: STRING\n request.host:\n valueType: STRING\n request.method:\n valueType: STRING\n request.path:\n valueType: STRING\n request.reason:\n valueType: STRING\n request.referer:\n valueType: STRING\n request.scheme:\n valueType: STRING\n request.size:\n valueType: INT64\n request.time:\n valueType: TIMESTAMP\n request.useragent:\n valueType: STRING\n response.code:\n valueType: INT64\n response.duration:\n valueType: DURATION\n response.headers:\n valueType: STRING_MAP\n response.size:\n valueType: INT64\n response.time:\n valueType: TIMESTAMP\n source.uid:\n valueType: STRING\n source.user:\n valueType: STRING\n destination.uid:\n valueType: STRING\n connection.id:\n valueType: STRING\n connection.received.bytes:\n valueType: INT64\n connection.received.bytes_total:\n valueType: INT64\n connection.sent.bytes:\n valueType: INT64\n connection.sent.bytes_total:\n valueType: INT64\n connection.duration:\n valueType: DURATION\n connection.mtls:\n valueType: BOOL\n context.protocol:\n valueType: STRING\n context.timestamp:\n valueType: TIMESTAMP\n context.time:\n valueType: TIMESTAMP\n api.service:\n valueType: STRING\n api.version:\n valueType: STRING\n api.operation:\n valueType: STRING\n api.protocol:\n valueType: STRING\n request.auth.principal:\n valueType: STRING\n request.auth.audiences:\n valueType: STRING\n request.auth.presenter:\n valueType: STRING\n request.api_key:\n valueType: STRING\n\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: attributemanifest\nmetadata:\n name: kubernetes\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n attributes:\n source.ip:\n 
valueType: IP_ADDRESS\n source.labels:\n valueType: STRING_MAP\n source.name:\n valueType: STRING\n source.namespace:\n valueType: STRING\n source.service:\n valueType: STRING\n source.serviceAccount:\n valueType: STRING\n destination.ip:\n valueType: IP_ADDRESS\n destination.labels:\n valueType: STRING_MAP\n destination.name:\n valueType: STRING\n destination.namespace:\n valueType: STRING\n destination.service:\n valueType: STRING\n destination.serviceAccount:\n valueType: STRING\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: stdio\nmetadata:\n name: handler\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n outputAsJson: true\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: logentry\nmetadata:\n name: accesslog\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n severity: '\"Default\"'\n timestamp: request.time\n variables:\n sourceIp: source.ip | ip(\"0.0.0.0\")\n destinationIp: destination.ip | ip(\"0.0.0.0\")\n sourceUser: source.user | \"\"\n method: request.method | \"\"\n url: request.path | \"\"\n protocol: request.scheme | \"http\"\n responseCode: response.code | 0\n responseSize: response.size | 0\n requestSize: request.size | 0\n latency: response.duration | \"0ms\"\n connectionMtls: connection.mtls | false\n monitored_resource_type: '\"UNSPECIFIED\"'\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: rule\nmetadata:\n name: stdio\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n match: \"true\" # If omitted match is true.\n actions:\n - handler: handler.stdio\n instances:\n - accesslog.logentry\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: metric\nmetadata:\n name: requestcount\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n value: \"1\"\n dimensions:\n source_service: source.service | \"unknown\"\n source_version: source.labels[\"version\"] | \"unknown\"\n destination_service: destination.service | \"unknown\"\n destination_version: destination.labels[\"version\"] | \"unknown\"\n 
response_code: response.code | 200\n connection_mtls: connection.mtls | false\n monitored_resource_type: '\"UNSPECIFIED\"'\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: metric\nmetadata:\n name: requestduration\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n value: response.duration | \"0ms\"\n dimensions:\n source_service: source.service | \"unknown\"\n source_version: source.labels[\"version\"] | \"unknown\"\n destination_service: destination.service | \"unknown\"\n destination_version: destination.labels[\"version\"] | \"unknown\"\n response_code: response.code | 200\n connection_mtls: connection.mtls | false\n monitored_resource_type: '\"UNSPECIFIED\"'\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: metric\nmetadata:\n name: requestsize\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n value: request.size | 0\n dimensions:\n source_service: source.service | \"unknown\"\n source_version: source.labels[\"version\"] | \"unknown\"\n destination_service: destination.service | \"unknown\"\n destination_version: destination.labels[\"version\"] | \"unknown\"\n response_code: response.code | 200\n connection_mtls: connection.mtls | false\n monitored_resource_type: '\"UNSPECIFIED\"'\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: metric\nmetadata:\n name: responsesize\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n value: response.size | 0\n dimensions:\n source_service: source.service | \"unknown\"\n source_version: source.labels[\"version\"] | \"unknown\"\n destination_service: destination.service | \"unknown\"\n destination_version: destination.labels[\"version\"] | \"unknown\"\n response_code: response.code | 200\n connection_mtls: connection.mtls | false\n monitored_resource_type: '\"UNSPECIFIED\"'\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: metric\nmetadata:\n name: tcpbytesent\n namespace: simple-auth-test-735b86b2602c47f7b428\n labels:\n istio-protocol: tcp # needed so that mixer will only generate 
when context.protocol == tcp\nspec:\n value: connection.sent.bytes | 0\n dimensions:\n source_service: source.service | \"unknown\"\n source_version: source.labels[\"version\"] | \"unknown\"\n destination_service: destination.service | \"unknown\"\n destination_version: destination.labels[\"version\"] | \"unknown\"\n connection_mtls: connection.mtls | false\n monitored_resource_type: '\"UNSPECIFIED\"'\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: metric\nmetadata:\n name: tcpbytereceived\n namespace: simple-auth-test-735b86b2602c47f7b428\n labels:\n istio-protocol: tcp # needed so that mixer will only generate when context.protocol == tcp\nspec:\n value: connection.received.bytes | 0\n dimensions:\n source_service: source.service | \"unknown\"\n source_version: source.labels[\"version\"] | \"unknown\"\n destination_service: destination.service | \"unknown\"\n destination_version: destination.labels[\"version\"] | \"unknown\"\n connection_mtls: connection.mtls | false\n monitored_resource_type: '\"UNSPECIFIED\"'\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: prometheus\nmetadata:\n name: handler\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n metrics:\n - name: request_count\n instance_name: requestcount.metric.simple-auth-test-735b86b2602c47f7b428\n kind: COUNTER\n label_names:\n - source_service\n - source_version\n - destination_service\n - destination_version\n - response_code\n - connection_mtls\n - name: request_duration\n instance_name: requestduration.metric.simple-auth-test-735b86b2602c47f7b428\n kind: DISTRIBUTION\n label_names:\n - source_service\n - source_version\n - destination_service\n - destination_version\n - response_code\n - connection_mtls\n buckets:\n explicit_buckets:\n bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]\n - name: request_size\n instance_name: requestsize.metric.simple-auth-test-735b86b2602c47f7b428\n kind: DISTRIBUTION\n label_names:\n - source_service\n - source_version\n - 
destination_service\n - destination_version\n - response_code\n - connection_mtls\n buckets:\n exponentialBuckets:\n numFiniteBuckets: 8\n scale: 1\n growthFactor: 10\n - name: response_size\n instance_name: responsesize.metric.simple-auth-test-735b86b2602c47f7b428\n kind: DISTRIBUTION\n label_names:\n - source_service\n - source_version\n - destination_service\n - destination_version\n - response_code\n - connection_mtls\n buckets:\n exponentialBuckets:\n numFiniteBuckets: 8\n scale: 1\n growthFactor: 10\n - name: tcp_bytes_sent\n instance_name: tcpbytesent.metric.simple-auth-test-735b86b2602c47f7b428\n kind: COUNTER\n label_names:\n - source_service\n - source_version\n - destination_service\n - destination_version\n - connection_mtls\n - name: tcp_bytes_received\n instance_name: tcpbytereceived.metric.simple-auth-test-735b86b2602c47f7b428\n kind: COUNTER\n label_names:\n - source_service\n - source_version\n - destination_service\n - destination_version\n - connection_mtls\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: rule\nmetadata:\n name: promhttp\n namespace: simple-auth-test-735b86b2602c47f7b428\n labels:\n istio-protocol: http\nspec:\n actions:\n - handler: handler.prometheus\n instances:\n - requestcount.metric\n - requestduration.metric\n - requestsize.metric\n - responsesize.metric\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: rule\nmetadata:\n name: promtcp\n namespace: simple-auth-test-735b86b2602c47f7b428\n labels:\n istio-protocol: tcp # needed so that mixer will only execute when context.protocol == TCP\nspec:\n actions:\n - handler: handler.prometheus\n instances:\n - tcpbytesent.metric\n - tcpbytereceived.metric\n---\n\napiVersion: \"config.istio.io/v1alpha2\"\nkind: kubernetesenv\nmetadata:\n name: handler\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n # when running from mixer root, use the following config after adding a\n # symbolic link to a kubernetes config file via:\n #\n # $ ln -s ~/.kube/config 
mixer/adapter/kubernetes/kubeconfig\n #\n # kubeconfig_path: \"mixer/adapter/kubernetes/kubeconfig\"\n\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: rule\nmetadata:\n name: kubeattrgenrulerule\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n actions:\n - handler: handler.kubernetesenv\n instances:\n - attributes.kubernetes\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: rule\nmetadata:\n name: tcpkubeattrgenrulerule\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n match: context.protocol == \"tcp\"\n actions:\n - handler: handler.kubernetesenv\n instances:\n - attributes.kubernetes\n---\napiVersion: \"config.istio.io/v1alpha2\"\nkind: kubernetes\nmetadata:\n name: attributes\n namespace: simple-auth-test-735b86b2602c47f7b428\nspec:\n # Pass the required attribute data to the adapter\n source_uid: source.uid | \"\"\n source_ip: source.ip | ip(\"0.0.0.0\") # default to unspecified ip addr\n destination_uid: destination.uid | \"\"\n origin_uid: '\"\"'\n origin_ip: ip(\"0.0.0.0\") # default to unspecified ip addr\n attribute_bindings:\n # Fill the new attributes from the adapter produced output.\n # $out refers to an instance of OutputTemplate message\n source.ip: $out.source_pod_ip | ip(\"0.0.0.0\")\n source.labels: $out.source_labels | emptyStringMap()\n source.namespace: $out.source_namespace | \"default\"\n source.service: $out.source_service | \"unknown\"\n source.serviceAccount: $out.source_service_account_name | \"unknown\"\n destination.ip: $out.destination_pod_ip | ip(\"0.0.0.0\")\n destination.labels: $out.destination_labels | emptyStringMap()\n destination.namespace: $out.destination_namespace | \"default\"\n destination.service: $out.destination_service | \"unknown\"\n destination.serviceAccount: $out.destination_service_account_name | 
\"unknown\"\n---"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"istio-mixer","chart":"mixer-0.8.0","heritage":"Tiller","istio":"mixer","release":"RELEASE-NAME"},"name":"istio-mixer-custom-resources","namespace":"simple-auth-test-735b86b2602c47f7b428"}}
creationTimestamp: 2018-05-16T21:37:30Z
labels:
app: istio-mixer
chart: mixer-0.8.0
heritage: Tiller
istio: mixer
release: RELEASE-NAME
name: istio-mixer-custom-resources
namespace: simple-auth-test-735b86b2602c47f7b428
resourceVersion: "3696467"
selfLink: /api/v1/namespaces/simple-auth-test-735b86b2602c47f7b428/configmaps/istio-mixer-custom-resources
uid: 55d1e7a3-5951-11e8-86c2-005056bcada2
Mixer started with
MaxMessageSize: 1048576
MaxConcurrentStreams: 1024
APIWorkerPoolSize: 1024
AdapterWorkerPoolSize: 1024
APIPort: 9091
MonitoringPort: 9093
EnableProfiling: true
SingleThreaded: false
ConfigStoreURL: k8s://?ns=simple-auth-test-735b86b2602c47f7b428
ConfigDefaultNamespace: simple-auth-test-735b86b2602c47f7b428
ConfigIdentityAttribute: destination.service
ConfigIdentityAttributeDomain: svc.cluster.local
LoggingOptions: log.Options{OutputPaths:[]string{"stdout"}, ErrorOutputPaths:[]string{"stderr"}, RotateOutputPath:"", RotationMaxSize:104857600, RotationMaxAge:30, RotationMaxBackups:1000, JSONEncoding:false, LogGrpc:true, outputLevels:"default:info", logCallers:"", stackTraceLevels:"default:none"}
TracingOptions: tracing.Options{ZipkinURL:"http://zipkin:9411/api/v1/spans", JaegerURL:"", LogTraceSpans:false}
IntrospectionOptions: ctrlz.Options{Port:0x2694}
2018-05-16T21:37:38.633259Z warn Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
2018-05-16T21:37:38.633703Z info Built new config.Snapshot: id='0'
2018-05-16T21:37:38.633809Z info Built new config.Snapshot: id='1'
2018-05-16T21:37:38.634273Z info Cleaning up handler table, with config ID:-1
2018-05-16T21:38:08.821830Z info Built new config.Snapshot: id='2'
2018-05-16T21:38:08.822887Z info adapters getting kubeconfig from: "" {"adapter": "handler.kubernetesenv.simple-auth-test-735b86b2602c47f7b428"}
2018-05-16T21:38:08.822905Z warn Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
2018-05-16T21:38:08.824217Z info adapters serving prometheus metrics on 42422 {"adapter": "handler.prometheus.simple-auth-test-735b86b2602c47f7b428"}
2018-05-16T21:38:08.824776Z info adapters Waiting for kubernetes cache sync... {"adapter": "handler.kubernetesenv.simple-auth-test-735b86b2602c47f7b428"}
2018-05-16T21:38:08.925000Z info adapters Cache sync successful. {"adapter": "handler.kubernetesenv.simple-auth-test-735b86b2602c47f7b428"}
2018-05-16T21:38:08.929926Z info Cleaning up handler table, with config ID:1
Istio Mixer: [email protected]/istio-bfe10785be332491418ec81a5eddc3b4c19fcaf1-bfe10785be332491418ec81a5eddc3b4c19fcaf1-Clean
Starting gRPC server on port 9091
2018-05-16T21:38:08.932489Z info ControlZ available at 10.51.2.219:9876
<MIXER_CALLS>
# "logentry" is the template
# "instance" specifies the request mapping from attributes to adapter inputs.
# The following is an example of a logentry instance configuration that produces the accesslog log entry.
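---
# Mixer `logentry` instance "accesslog": maps request attributes onto the
# fields of one access-log record. Every value under `spec` is a Mixer
# attribute expression; `a | b` evaluates to b when attribute a is absent.
apiVersion: "config.istio.io/v1alpha2"
kind: logentry
metadata:
  name: accesslog
  namespace: simple-auth-test-735b86b2602c47f7b428
spec:
  # The outer single quotes are YAML quoting; the inner double quotes make
  # the expression a string literal rather than an attribute name.
  severity: '"Default"'
  timestamp: request.time
  variables:
    # A missing address is logged as 0.0.0.0, so that value means "unknown",
    # not a real peer.
    sourceIp: source.ip | ip("0.0.0.0")
    destinationIp: destination.ip | ip("0.0.0.0")
    # Caller identity as reported by the proxy; empty when none was supplied.
    sourceUser: source.user | ""
    method: request.method | ""
    # NOTE(review): request.path may carry the query string; confirm that no
    # tokens or credentials passed as query parameters end up in this log.
    url: request.path | ""
    protocol: request.scheme | "http"
    responseCode: response.code | 0
    responseSize: response.size | 0
    requestSize: request.size | 0
    latency: response.duration | "0ms"
    # Falls back to false when the attribute is absent, so `false` in the log
    # means "not known to be mutual TLS" as well as "plaintext".
    connectionMtls: connection.mtls | false
  monitored_resource_type: '"UNSPECIFIED"'
---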
# and the associated entry in the Mixer event log:
{"level":"info","time":"2018-05-16T21:39:06.928227Z","instance":"accesslog.logentry.simple-auth-test-735b86b2602c47f7b428","connectionMtls":true,"destinationIp":"127.0.0.1","latency":"645.362µs","method":"GET","protocol":"http","requestSize":0,"responseCode":200,"responseSize":2358,"sourceIp":"10.51.1.176","sourceUser":"cluster.local/ns/simple-auth-test-735b86b2602c47f7b428/sa/default","url":"/v1/listeners/istio-ingress/ingress~10.51.1.176~istio-ingress-5c6985cd4d-xz2m2.simple-auth-test-735b86b2602c47f7b428~simple-auth-test-735b86b2602c47f7b428.svc.cluster.local"}
apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/podIP: 10.51.1.158/32
sidecar.istio.io/inject: "false"
creationTimestamp: 2018-05-15T22:23:42Z
generateName: istio-telemetry-79b5fb5cbf-
labels:
istio: mixer
istio-mixer-type: telemetry
pod-template-hash: "3561961769"
name: istio-telemetry-79b5fb5cbf-bfzq2
namespace: istio-system
ownerReferences:
- apiVersion: extensions/v1beta1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-telemetry-79b5fb5cbf
uid: 9fb1a60d-588e-11e8-86c2-005056bcada2
resourceVersion: "3557131"
selfLink: /api/v1/namespaces/istio-system/pods/istio-telemetry-79b5fb5cbf-bfzq2
uid: 9fc2581f-588e-11e8-86c2-005056bcada2
spec:
containers:
- args:
- --configStoreURL=k8s://
- --configDefaultNamespace=istio-system
- --trace_zipkin_url=http://zipkin:9411/api/v1/spans
image: docker.io/danehans/mixer:bfe10785be332491418ec81a5eddc3b4c19fcaf1
imagePullPolicy: IfNotPresent
name: mixer
ports:
- containerPort: 9091 # Mixer API
protocol: TCP
- containerPort: 9093 # All Mixer-specific metrics. Used to monitor Mixer itself.
protocol: TCP
- containerPort: 42422 # Mixer-generated mesh metrics.
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-mixer-service-account-token-4x67j
readOnly: true
- args:
- proxy
- --serviceCluster
- istio-telemetry
- --templateFile
- /etc/istio/proxy/envoy_telemetry.yaml.tmpl
- --controlPlaneAuthPolicy
- MUTUAL_TLS
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: docker.io/danehans/proxy:bfe10785be332491418ec81a5eddc3b4c19fcaf1
imagePullPolicy: IfNotPresent
name: istio-proxy
ports:
- containerPort: 15004
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/certs
name: istio-certs
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-mixer-service-account-token-4x67j
readOnly: true
dnsPolicy: ClusterFirst
nodeName: istio-dev-waa1fbf3da6
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-mixer-service-account
serviceAccountName: istio-mixer-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: istio-certs
secret:
defaultMode: 420
optional: true
secretName: istio.istio-mixer-service-account
- name: istio-mixer-service-account-token-4x67j
secret:
defaultMode: 420
secretName: istio-mixer-service-account-token-4x67j
status:
conditions:
- lastProbeTime: null
lastTransitionTime: 2018-05-15T22:23:42Z
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: 2018-05-15T22:23:50Z
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: 2018-05-15T22:23:42Z
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://b305eb033b61b322ec32d7fd3158d24237746acf3297b77183d547a8b218b275
image: danehans/proxy:bfe10785be332491418ec81a5eddc3b4c19fcaf1
imageID: docker-pullable://danehans/proxy@sha256:03864fcca2a9bd2a3cfdd9ee7a57a865dac6631399fd503e00fa2a286b64cd1d
lastState: {}
name: istio-proxy
ready: true
restartCount: 0
state:
running:
startedAt: 2018-05-15T22:23:49Z
- containerID: docker://484241298d8f0670532003be00116c7beb1afed40360bc6cc0b0cad574c1d871
image: danehans/mixer:bfe10785be332491418ec81a5eddc3b4c19fcaf1
imageID: docker-pullable://danehans/mixer@sha256:08a5bf929498a7b3670cf66c0fafc9bb105378e08a952f57cab4675efdd66515
lastState: {}
name: mixer
ready: true
restartCount: 0
state:
running:
startedAt: 2018-05-15T22:23:48Z
hostIP: 10.1.1.114
phase: Running
podIP: 10.51.1.158
qosClass: BestEffort
startTime: 2018-05-15T22:23:42Z
# kubectl logs po/istio-telemetry-79b5fb5cbf-bfzq2 -n istio-system -c istio-telemetry
Error from server (BadRequest): container istio-telemetry is not valid for pod istio-telemetry-79b5fb5cbf-bfzq2
root@ssh-jump:~# kubectl logs po/istio-telemetry-79b5fb5cbf-bfzq2 -n istio-system -c mixer
Mixer started with
MaxMessageSize: 1048576
MaxConcurrentStreams: 1024
APIWorkerPoolSize: 1024
AdapterWorkerPoolSize: 1024
APIPort: 9091
MonitoringPort: 9093
EnableProfiling: true
SingleThreaded: false
ConfigStoreURL: k8s://
ConfigDefaultNamespace: istio-system
ConfigIdentityAttribute: destination.service
ConfigIdentityAttributeDomain: svc.cluster.local
LoggingOptions: log.Options{OutputPaths:[]string{"stdout"}, ErrorOutputPaths:[]string{"stderr"}, RotateOutputPath:"", RotationMaxSize:104857600, RotationMaxAge:30, RotationMaxBackups:1000, JSONEncoding:false, LogGrpc:true, outputLevels:"default:info", logCallers:"", stackTraceLevels:"default:none"}
TracingOptions: tracing.Options{ZipkinURL:"http://zipkin:9411/api/v1/spans", JaegerURL:"", LogTraceSpans:false}
IntrospectionOptions: ctrlz.Options{Port:0x2694}
2018-05-15T22:23:51.866123Z warn Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
2018-05-15T22:23:51.887119Z info Built new config.Snapshot: id='0'
2018-05-15T22:23:51.887296Z info Built new config.Snapshot: id='1'
2018-05-15T22:23:51.887449Z info Cleaning up handler table, with config ID:-1
2018-05-15T22:24:22.360900Z info Built new config.Snapshot: id='2'
2018-05-15T22:24:22.365484Z info adapters serving prometheus metrics on 42422 {"adapter": "handler.prometheus.istio-system"}
2018-05-15T22:24:22.365868Z info adapters getting kubeconfig from: "" {"adapter": "handler.kubernetesenv.istio-system"}
2018-05-15T22:24:22.365940Z warn Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
2018-05-15T22:24:22.367043Z info adapters Waiting for kubernetes cache sync... {"adapter": "handler.kubernetesenv.istio-system"}
2018-05-15T22:24:22.467291Z info adapters Cache sync successful. {"adapter": "handler.kubernetesenv.istio-system"}
2018-05-15T22:24:22.470287Z info Cleaning up handler table, with config ID:1
Istio Mixer: [email protected]/istio-bfe10785be332491418ec81a5eddc3b4c19fcaf1-bfe10785be332491418ec81a5eddc3b4c19fcaf1-Clean
Starting gRPC server on port 9091
2018-05-15T22:24:22.481637Z info ControlZ available at 10.51.1.158:9876

Deploy bookinfo using kube-inject:

# Set the custom Docker image info that was used to deploy Istio
export HUB=docker.io/danehans
export TAG=bfe10785be332491418ec81a5eddc3b4c19fcaf1
# Set the namespace if it is not "istio-system"
export N=simple-auth-test-735b86b2602c47f7b428
# Run kube-inject
$ kubectl apply -f <(istioctl kube-inject --debug --hub $HUB --tag $TAG --istioNamespace $N -f samples/bookinfo/kube/bookinfo.yaml)

Exec into a proxy container:

$ kubectl exec -it ratings-v1-6b8f99c74b-sc8gc -c istio-proxy /bin/bash

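Available endpoints for the proxy's local admin API. The admin API is unauthenticated and includes state-changing endpoints (/quitquitquit, /runtime_modify, /healthcheck/fail, /reset_counters), so it should stay reachable only from inside the pod: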

$ curl http://localhost:15000/
 /: Admin home page
 /certs: print certs on machine
 /clusters: upstream cluster status
 /config_dump: dump current Envoy configs
 /cpuprofiler: enable/disable the CPU profiler
 /healthcheck/fail: cause the server to fail health checks
 /healthcheck/ok: cause the server to pass health checks
 /help: print out list of admin commands
 /hot_restart_version: print the hot restart compatability version
 /listeners: print listener addresses
 /logging: query/change logging levels
 /quitquitquit: exit the server
 /reset_counters: reset all counters to zero
 /runtime: print runtime values
 /runtime_modify: modify runtime values
 /server_info: print server version/status information
 /stats: print server stats

A good reference for verifying Mixer adapter operator config (handlers, rules, instances): https://github.com/istio/istio.github.io/blob/master/_help/troubleshooting.md#where-are-the-metrics-for-my-service

$ kubectl get cm/prometheus -n $NS -o yaml
apiVersion: v1
data:
prometheus.yml: |-
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'istio-mesh'
# Override the global default and scrape targets from this job every 5 seconds.
scrape_interval: 5s
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: simple-auth-test-735b86b2602c47f7b428;istio-telemetry;prometheus
- job_name: 'envoy'
# Override the global default and scrape targets from this job every 5 seconds.
scrape_interval: 5s
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: simple-auth-test-735b86b2602c47f7b428;istio-statsd-prom-bridge;statsd-prom
- job_name: 'istio-policy'
# Override the global default and scrape targets from this job every 5 seconds.
scrape_interval: 5s
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: simple-auth-test-735b86b2602c47f7b428;istio-policy;http-monitoring
- job_name: 'istio-telemetry'
# Override the global default and scrape targets from this job every 5 seconds.
scrape_interval: 5s
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: simple-auth-test-735b86b2602c47f7b428;istio-telemetry;http-monitoring
- job_name: 'pilot'
# Override the global default and scrape targets from this job every 5 seconds.
scrape_interval: 5s
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: simple-auth-test-735b86b2602c47f7b428;istio-pilot;http-monitoring
# scrape config for API servers
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: default;kubernetes;https
# scrape config for nodes (kubelet)
- job_name: 'kubernetes-nodes'
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- target_label: __address__
replacement: kubernetes.default.svc:443
- source_labels: [__meta_kubernetes_node_name]
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/${1}/proxy/metrics
# Scrape config for Kubelet cAdvisor.
#
# This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics
# (those whose names begin with 'container_') have been removed from the
# Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to
# retrieve those metrics.
#
# In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor
# HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics"
# in that case (and ensure cAdvisor's HTTP server hasn't been disabled with
# the --cadvisor-port=0 Kubelet flag).
#
# This job is not necessary and should be removed in Kubernetes 1.6 and
# earlier versions, or it will cause the metrics to be scraped twice.
- job_name: 'kubernetes-cadvisor'
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- target_label: __address__
replacement: kubernetes.default.svc:443
- source_labels: [__meta_kubernetes_node_name]
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
# scrape config for service endpoints.
- job_name: 'kubernetes-service-endpoints'
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
action: replace
target_label: __scheme__
regex: (https?)
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
action: replace
target_label: __address__
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
action: replace
target_label: kubernetes_name
# Example scrape config for pods
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: pod_name
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"prometheus.yml":"global:\n scrape_interval: 15s\nscrape_configs:\n\n- job_name: 'istio-mesh'\n # Override the global default and scrape targets from this job every 5 seconds.\n scrape_interval: 5s\n\n kubernetes_sd_configs:\n - role: endpoints\n\n relabel_configs:\n - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]\n action: keep\n regex: simple-auth-test-735b86b2602c47f7b428;istio-telemetry;prometheus\n\n- job_name: 'envoy'\n # Override the global default and scrape targets from this job every 5 seconds.\n scrape_interval: 5s\n # metrics_path defaults to '/metrics'\n # scheme defaults to 'http'.\n\n kubernetes_sd_configs:\n - role: endpoints\n\n relabel_configs:\n - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]\n action: keep\n regex: simple-auth-test-735b86b2602c47f7b428;istio-statsd-prom-bridge;statsd-prom\n\n- job_name: 'istio-policy'\n # Override the global default and scrape targets from this job every 5 seconds.\n scrape_interval: 5s\n # metrics_path defaults to '/metrics'\n # scheme defaults to 'http'.\n\n kubernetes_sd_configs:\n - role: endpoints\n\n relabel_configs:\n - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]\n action: keep\n regex: simple-auth-test-735b86b2602c47f7b428;istio-policy;http-monitoring\n\n- job_name: 'istio-telemetry'\n # Override the global default and scrape targets from this job every 5 seconds.\n scrape_interval: 5s\n # metrics_path defaults to '/metrics'\n # scheme defaults to 'http'.\n\n kubernetes_sd_configs:\n - role: endpoints\n\n relabel_configs:\n - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]\n action: keep\n regex: simple-auth-test-735b86b2602c47f7b428;istio-telemetry;http-monitoring\n\n- job_name: 'pilot'\n # Override the 
global default and scrape targets from this job every 5 seconds.\n scrape_interval: 5s\n # metrics_path defaults to '/metrics'\n # scheme defaults to 'http'.\n\n kubernetes_sd_configs:\n - role: endpoints\n\n relabel_configs:\n - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]\n action: keep\n regex: simple-auth-test-735b86b2602c47f7b428;istio-pilot;http-monitoring\n\n# scrape config for API servers\n- job_name: 'kubernetes-apiservers'\n kubernetes_sd_configs:\n - role: endpoints\n scheme: https\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n relabel_configs:\n - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]\n action: keep\n regex: default;kubernetes;https\n\n# scrape config for nodes (kubelet)\n- job_name: 'kubernetes-nodes'\n scheme: https\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: node\n relabel_configs:\n - action: labelmap\n regex: __meta_kubernetes_node_label_(.+)\n - target_label: __address__\n replacement: kubernetes.default.svc:443\n - source_labels: [__meta_kubernetes_node_name]\n regex: (.+)\n target_label: __metrics_path__\n replacement: /api/v1/nodes/${1}/proxy/metrics\n\n# Scrape config for Kubelet cAdvisor.\n#\n# This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics\n# (those whose names begin with 'container_') have been removed from the\n# Kubelet metrics endpoint. 
This job scrapes the cAdvisor endpoint to\n# retrieve those metrics.\n#\n# In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor\n# HTTP endpoint; use \"replacement: /api/v1/nodes/${1}:4194/proxy/metrics\"\n# in that case (and ensure cAdvisor's HTTP server hasn't been disabled with\n# the --cadvisor-port=0 Kubelet flag).\n#\n# This job is not necessary and should be removed in Kubernetes 1.6 and\n# earlier versions, or it will cause the metrics to be scraped twice.\n- job_name: 'kubernetes-cadvisor'\n scheme: https\n tls_config:\n ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n kubernetes_sd_configs:\n - role: node\n relabel_configs:\n - action: labelmap\n regex: __meta_kubernetes_node_label_(.+)\n - target_label: __address__\n replacement: kubernetes.default.svc:443\n - source_labels: [__meta_kubernetes_node_name]\n regex: (.+)\n target_label: __metrics_path__\n replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor\n\n# scrape config for service endpoints.\n- job_name: 'kubernetes-service-endpoints'\n kubernetes_sd_configs:\n - role: endpoints\n relabel_configs:\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]\n action: keep\n regex: true\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]\n action: replace\n target_label: __scheme__\n regex: (https?)\n - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: (.+)\n - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]\n action: replace\n target_label: __address__\n regex: ([^:]+)(?::\\d+)?;(\\d+)\n replacement: $1:$2\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - source_labels: [__meta_kubernetes_namespace]\n action: replace\n target_label: kubernetes_namespace\n - source_labels: [__meta_kubernetes_service_name]\n 
action: replace\n target_label: kubernetes_name\n\n# Example scrape config for pods\n- job_name: 'kubernetes-pods'\n kubernetes_sd_configs:\n - role: pod\n\n relabel_configs:\n - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]\n action: keep\n regex: true\n - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]\n action: replace\n target_label: __metrics_path__\n regex: (.+)\n - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]\n action: replace\n regex: ([^:]+)(?::\\d+)?;(\\d+)\n replacement: $1:$2\n target_label: __address__\n - action: labelmap\n regex: __meta_kubernetes_pod_label_(.+)\n - source_labels: [__meta_kubernetes_namespace]\n action: replace\n target_label: namespace\n - source_labels: [__meta_kubernetes_pod_name]\n action: replace\n target_label: pod_name"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"prometheus","chart":"prometheus-0.1.0","heritage":"Tiller","release":"RELEASE-NAME"},"name":"prometheus","namespace":"simple-auth-test-735b86b2602c47f7b428"}}
creationTimestamp: 2018-05-16T21:37:30Z
labels:
app: prometheus
chart: prometheus-0.1.0
heritage: Tiller
release: RELEASE-NAME
name: prometheus
namespace: simple-auth-test-735b86b2602c47f7b428
resourceVersion: "3696468"
selfLink: /api/v1/namespaces/simple-auth-test-735b86b2602c47f7b428/configmaps/prometheus
uid: 55d7f1af-5951-11e8-86c2-005056bcada2
$ kubectl logs po/prometheus-586d95b8d9-f7bbg -n $NS
level=info ts=2018-05-16T21:37:38.501633422Z caller=main.go:220 msg="Starting Prometheus" version="(version=2.2.1, branch=HEAD, revision=bc6058c81272a8d938c05e75607371284236aadc)"
level=info ts=2018-05-16T21:37:38.501708034Z caller=main.go:221 build_context="(go=go1.10, user=root@149e5b3f0829, date=20180314-14:15:45)"
level=info ts=2018-05-16T21:37:38.501792144Z caller=main.go:222 host_details="(Linux 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 prometheus-586d95b8d9-f7bbg (none))"
level=info ts=2018-05-16T21:37:38.501858285Z caller=main.go:223 fd_limits="(soft=1048576, hard=1048576)"
level=info ts=2018-05-16T21:37:38.515903612Z caller=main.go:504 msg="Starting TSDB ..."
level=info ts=2018-05-16T21:37:38.523640281Z caller=web.go:382 component=web msg="Start listening for connections" address=0.0.0.0:9090
level=info ts=2018-05-16T21:37:38.53286601Z caller=main.go:514 msg="TSDB started"
level=info ts=2018-05-16T21:37:38.533407429Z caller=main.go:588 msg="Loading configuration file" filename=/etc/prometheus/prometheus.yml
level=info ts=2018-05-16T21:37:38.539102375Z caller=kubernetes.go:191 component="discovery manager scrape" discovery=k8s msg="Using pod service account via in-cluster config"
level=info ts=2018-05-16T21:37:38.542187004Z caller=kubernetes.go:191 component="discovery manager scrape" discovery=k8s msg="Using pod service account via in-cluster config"
level=info ts=2018-05-16T21:37:38.544311091Z caller=kubernetes.go:191 component="discovery manager scrape" discovery=k8s msg="Using pod service account via in-cluster config"
level=info ts=2018-05-16T21:37:38.546355364Z caller=kubernetes.go:191 component="discovery manager scrape" discovery=k8s msg="Using pod service account via in-cluster config"
level=info ts=2018-05-16T21:37:38.551878575Z caller=kubernetes.go:191 component="discovery manager scrape" discovery=k8s msg="Using pod service account via in-cluster config"
level=info ts=2018-05-16T21:37:38.553828934Z caller=kubernetes.go:191 component="discovery manager scrape" discovery=k8s msg="Using pod service account via in-cluster config"
level=info ts=2018-05-16T21:37:38.561908848Z caller=kubernetes.go:191 component="discovery manager scrape" discovery=k8s msg="Using pod service account via in-cluster config"
level=info ts=2018-05-16T21:37:38.566737899Z caller=kubernetes.go:191 component="discovery manager scrape" discovery=k8s msg="Using pod service account via in-cluster config"
level=info ts=2018-05-16T21:37:38.56743619Z caller=kubernetes.go:191 component="discovery manager scrape" discovery=k8s msg="Using pod service account via in-cluster config"
level=info ts=2018-05-16T21:37:38.568691828Z caller=kubernetes.go:191 component="discovery manager scrape" discovery=k8s msg="Using pod service account via in-cluster config"
level=info ts=2018-05-16T21:37:38.569307985Z caller=main.go:491 msg="Server is ready to receive web requests."
apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/podIP: 10.51.1.159/32
sidecar.istio.io/inject: "false"
creationTimestamp: 2018-05-15T22:23:42Z
generateName: prometheus-586d95b8d9-
labels:
app: prometheus
pod-template-hash: "1428516485"
name: prometheus-586d95b8d9-lzstf
namespace: istio-system
ownerReferences:
- apiVersion: extensions/v1beta1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: prometheus-586d95b8d9
uid: 9fc19bae-588e-11e8-86c2-005056bcada2
resourceVersion: "3557179"
selfLink: /api/v1/namespaces/istio-system/pods/prometheus-586d95b8d9-lzstf
uid: 9fcb55af-588e-11e8-86c2-005056bcada2
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- --storage.tsdb.retention=6h
- --config.file=/etc/prometheus/prometheus.yml
image: docker.io/prom/prometheus:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /-/healthy
port: 9090
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: prometheus
ports:
- containerPort: 9090
name: http
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /-/ready
port: 9090
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/prometheus
name: config-volume
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: prometheus-token-2hvqq
readOnly: true
dnsPolicy: ClusterFirst
nodeName: istio-dev-waa1fbf3da6
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: prometheus
serviceAccountName: prometheus
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- configMap:
defaultMode: 420
name: prometheus
name: config-volume
- name: prometheus-token-2hvqq
secret:
defaultMode: 420
secretName: prometheus-token-2hvqq
status:
conditions:
- lastProbeTime: null
lastTransitionTime: 2018-05-15T22:23:42Z
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: 2018-05-15T22:24:01Z
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: 2018-05-15T22:23:42Z
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://2de02fe7e0f4b359867adb6f434d560b7c258ddfb5b02b3a1e7dc6534a8b6a44
image: prom/prometheus:latest
imageID: docker-pullable://prom/prometheus@sha256:14cafab6a73222c859cf46c16bda6b94839d31b7ab25e70ac8aa19809c6055a8
lastState: {}
name: prometheus
ready: true
restartCount: 0
state:
running:
startedAt: 2018-05-15T22:23:49Z
hostIP: 10.1.1.114
phase: Running
podIP: 10.51.1.159
qosClass: BestEffort
startTime: 2018-05-15T22:23:42Z
# Envoy gets configured by Pilot. The Istio deployment manifest includes a ConfigMap
# to configure "mesh-wide" params. A key param is the "statsdUdpAddress":
# statsdUdpAddress: istio-statsd-prom-bridge.simple-auth-test-735b86b2602c47f7b428:9125
# Statsd metrics collector converts statsd metrics into Prometheus metrics.
# Envoy Stats Architecture: https://www.envoyproxy.io/docs/envoy/v1.5.0/intro/arch_overview/statistics#arch-overview-statistics
$ cat /etc/istio/proxy/envoy-rev0.json
{
"stats_config": { # https://www.envoyproxy.io/docs/envoy/v1.5.0/api-v2/bootstrap.proto#envoy-api-msg-statsconfig
"use_all_default_tags": false
},
<SNIP>
"stats_sinks": [ # https://www.envoyproxy.io/docs/envoy/v1.5.0/api-v2/bootstrap.proto#envoy-api-msg-statssink
{
"name": "envoy.statsd",
"config": {
"address": {
"socket_address": {"address": "10.109.5.99", "port_value": 9125} # Svc IP of istio-statsd-prom-bridge
}
}
}
]
}
View the stats generated by Envoy using the Local Admin API endpoint:
```
$ curl http://localhost:15000/stats
runtime.num_keys: 0
runtime.override_dir_exists: 0
runtime.override_dir_not_exists: 0
server.days_until_first_cert_expiring: 89
server.live: 1
server.memory_allocated: 9653248
server.memory_heap_size: 13631488
server.parent_connections: 0
server.total_connections: 0
server.uptime: 1687
server.version: 0
server.watchdog_mega_miss: 0
server.watchdog_miss: 5
stats.overflow: 0
tcp.tcp.downstream_cx_no_route: 0
tcp.tcp.downstream_cx_rx_bytes_buffered: 0
tcp.tcp.downstream_cx_rx_bytes_total: 0
<SNIP>
```
$ kubectl get cm/istio-statsd-prom-bridge -n $NS -o yaml
apiVersion: v1
data:
mapping.conf: ""
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"mapping.conf":""},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app":"istio-statsd-prom-bridge","chart":"mixer-0.8.0","heritage":"Tiller","istio":"mixer","release":"RELEASE-NAME"},"name":"istio-statsd-prom-bridge","namespace":"simple-auth-test-735b86b2602c47f7b428"}}
creationTimestamp: 2018-05-16T21:37:30Z
labels:
app: istio-statsd-prom-bridge
chart: mixer-0.8.0
heritage: Tiller
istio: mixer
release: RELEASE-NAME
name: istio-statsd-prom-bridge
namespace: simple-auth-test-735b86b2602c47f7b428
resourceVersion: "3696465"
selfLink: /api/v1/namespaces/simple-auth-test-735b86b2602c47f7b428/configmaps/istio-statsd-prom-bridge
uid: 55c752ed-5951-11e8-86c2-005056bcada2
$ kubectl logs po/istio-statsd-prom-bridge-6dbb7dcc7f-ht4dd -n $NS
time="2018-05-16T21:37:36Z" level=info msg="Starting StatsD -> Prometheus Exporter (version=0.6.0, branch=HEAD, revision=3fd85c92fc0d91b3c77bcb1a8b2c7aa2e2a99d04)" source="main.go:149"
time="2018-05-16T21:37:36Z" level=info msg="Build context (go=go1.9.2, user=root@29b80e16fc07, date=20180117-17:45:48)" source="main.go:150"
time="2018-05-16T21:37:36Z" level=info msg="Accepting StatsD Traffic: UDP :9125, TCP :9125" source="main.go:151"
time="2018-05-16T21:37:36Z" level=info msg="Accepting Prometheus Requests on :9102" source="main.go:152"
apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/podIP: 10.51.2.196/32
sidecar.istio.io/inject: "false"
creationTimestamp: 2018-05-15T22:23:41Z
generateName: istio-statsd-prom-bridge-6dbb7dcc7f-
labels:
istio: statsd-prom-bridge
pod-template-hash: "2866387739"
name: istio-statsd-prom-bridge-6dbb7dcc7f-9cxq7
namespace: istio-system
ownerReferences:
- apiVersion: extensions/v1beta1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: istio-statsd-prom-bridge-6dbb7dcc7f
uid: 9f7fc134-588e-11e8-86c2-005056bcada2
resourceVersion: "3557064"
selfLink: /api/v1/namespaces/istio-system/pods/istio-statsd-prom-bridge-6dbb7dcc7f-9cxq7
uid: 9f883274-588e-11e8-86c2-005056bcada2
spec:
containers:
- args:
- -statsd.mapping-config=/etc/statsd/mapping.conf
image: prom/statsd-exporter:latest
imagePullPolicy: IfNotPresent
name: statsd-prom-bridge
ports:
- containerPort: 9102 # Raw stats generated by Envoy (and translated from statsd to prometheus).
protocol: TCP
- containerPort: 9125 # The UDP address on which to receive statsd metrics from proxies.
protocol: UDP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/statsd
name: config-volume
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: istio-mixer-service-account-token-4x67j
readOnly: true
dnsPolicy: ClusterFirst
nodeName: istio-dev-wfe429a0861
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: istio-mixer-service-account
serviceAccountName: istio-mixer-service-account
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- configMap:
defaultMode: 420
name: istio-statsd-prom-bridge
name: config-volume
- name: istio-mixer-service-account-token-4x67j
secret:
defaultMode: 420
secretName: istio-mixer-service-account-token-4x67j
status:
conditions:
- lastProbeTime: null
lastTransitionTime: 2018-05-15T22:23:42Z
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: 2018-05-15T22:23:46Z
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: 2018-05-15T22:23:42Z
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://a8fce64fc436f5210b36ed7b8c9e2f5d696ca3255fd995565cd4a322e2684054
image: prom/statsd-exporter:latest
imageID: docker-pullable://prom/statsd-exporter@sha256:141a73a5c1753f28648e311ae713359788b0a51458f50859840b0082cafae447
lastState: {}
name: statsd-prom-bridge
ready: true
restartCount: 0
state:
running:
startedAt: 2018-05-15T22:23:45Z
hostIP: 10.1.1.115
phase: Running
podIP: 10.51.2.196
qosClass: BestEffort
startTime: 2018-05-15T22:23:42Z