Skip to main content
logoTetrate Istio SubscriptionVersion: Next

Configuring Istio Monitoring

To set up Istio monitoring dashboards and alert rules, you have two options: configuring via Terraform or using a JSON tarball. For the Terraform method, refer to the section Configure with Terraform. If you prefer using a JSON tarball, refer to the section Configure with JSON tarball.

Prerequisites

Before proceeding, please ensure you have:

  • Prometheus and Grafana installed and configured. For quick demo setup, you can use Demo Installation.
  • Obtained a Grafana token following the official guide.
  • CLI tools e.g. terraform if you are using Terraform or curl if you are using JSON tarball.
  • Acquired credentials from Tetrate to access TIS add-ons repository.
tip

Tetrate use same credentials for FIPS and Add-ons repositories. If you have already acquired credentials for FIPS repository, you can use the same credentials to access TIS add-ons repository.

Option 1: Configure with Terraform

Installing the Terraform Module

  1. Adding credentials

    Include the namespace, repository, and credentials in your .terraformrc or terraform.rc file. The token should encompass the name of the organization that owns the module, the repository housing the module, and the credentials required for API authentication, separated by slashes:

    credentials "terraform.cloudsmith.io" {
      token = "tetrate/tis-containers/<tis_password>"
    }
  2. Installing the Istio monitoring module

    Once your credentials are configured, you can employ the Istio monitoring module as demonstrated below:

    module "istio_monitoring_grafana" {
      source = "terraform.cloudsmith.io/tis-containers/istio-monitoring-grafana/tetrate"
      version = "v0.2.0"
      gf_url  = "<grafana_endpoint>"
      gf_auth = "<grafana_token>"
    }

    After adding this, execute the following commands:

    terraform init
    terraform plan
    terraform apply -auto-approve

Option 2: Configure with JSON tarball

Set the correct environment variables:

export GRAFANA_ENDPOINT=<grafana_endpoint>
export GRAFANA_TOKEN=<grafana_token>
export TIS_PASS=<tis_password>

Downloading Artifacts

Retrieve the JSON tarball artifact containing the dashboards and alert rules.

curl -O "https://dl.cloudsmith.io/$TIS_PASS/tetrate/tis-containers/raw/files/tetrate-istio-monitoring-grafana-v0.2.0.tar.gz"

Untar the tarball with:

tar -zxvf tetrate-istio-monitoring-grafana-v0.2.0.tar.gz

Importing Dashboards

Grafana facilitates the process of importing dashboards. For detailed steps, consult Grafana's official documentation on importing a dashboard.

JSON files can be located under dashboards:

> tree dashboards
dashboards
├── README.md
├── istio-extension-dashboard.json
├── istio-service-dashboard.json
├── istio-workload-dashboard.json
└── pilot-dashboard.json

Provisioning Alert Rules

To provision alert rules in Grafana using the HTTP API, follow these steps:

  1. Generate alert rule configuration:

    Alert rules should be associated with a data source. You can obtain the data source UID from the Grafana WebUI and then generate the JSON file from the template file using the following commands:

    GRAFANA_DATASOURCE=<data_source_uid> envsubst < alerts/dataplane.json.tpl > dataplane.json
    GRAFANA_DATASOURCE=<data_source_uid> envsubst < alerts/controlplane.json.tpl > controlplane.json
  2. (Optional) Create an istio folder if required:

    curl -X POST -H "Authorization: Bearer $GRAFANA_TOKEN" \
    -H "Content-type: application/json" "$GRAFANA_ENDPOINT/api/folders" \
    --data '{"title":"istio"}'
  3. Create alert rules:

    curl -X POST -H "Authorization: Bearer $GRAFANA_TOKEN" \
    -H "Content-type: application/json" "$GRAFANA_ENDPOINT/api/ruler/grafana/api/v1/rules/istio" \
    --data "@dataplane.json"

    curl -X POST -H "Authorization: Bearer $GRAFANA_TOKEN" \
    -H "Content-type: application/json" "$GRAFANA_ENDPOINT/api/ruler/grafana/api/v1/rules/istio" \
    --data "@controlplane.json"

These steps will help you provision alert rules in Grafana using the provided HTTP API.