+# Source: istio/templates/install-custom-resources.sh.tpl
+
+
+---
+# Source: istio/charts/mixer/templates/config.yaml
+apiVersion: "config.istio.io/v1alpha2"
+kind: attributemanifest
+metadata:
+ name: istioproxy
+ namespace: istio-system
+spec:
+ attributes:
+ origin.ip:
+ valueType: IP_ADDRESS
+ origin.uid:
+ valueType: STRING
+ origin.user:
+ valueType: STRING
+ request.headers:
+ valueType: STRING_MAP
+ request.id:
+ valueType: STRING
+ request.host:
+ valueType: STRING
+ request.method:
+ valueType: STRING
+ request.path:
+ valueType: STRING
+ request.reason:
+ valueType: STRING
+ request.referer:
+ valueType: STRING
+ request.scheme:
+ valueType: STRING
+ request.total_size:
+ valueType: INT64
+ request.size:
+ valueType: INT64
+ request.time:
+ valueType: TIMESTAMP
+ request.useragent:
+ valueType: STRING
+ response.code:
+ valueType: INT64
+ response.duration:
+ valueType: DURATION
+ response.headers:
+ valueType: STRING_MAP
+ response.total_size:
+ valueType: INT64
+ response.size:
+ valueType: INT64
+ response.time:
+ valueType: TIMESTAMP
+ source.uid:
+ valueType: STRING
+ source.user: # DEPRECATED
+ valueType: STRING
+ source.principal:
+ valueType: STRING
+ destination.uid:
+ valueType: STRING
+ destination.principal:
+ valueType: STRING
+ destination.port:
+ valueType: INT64
+ connection.event:
+ valueType: STRING
+ connection.id:
+ valueType: STRING
+ connection.received.bytes:
+ valueType: INT64
+ connection.received.bytes_total:
+ valueType: INT64
+ connection.sent.bytes:
+ valueType: INT64
+ connection.sent.bytes_total:
+ valueType: INT64
+ connection.duration:
+ valueType: DURATION
+ connection.mtls:
+ valueType: BOOL
+ context.protocol:
+ valueType: STRING
+ context.timestamp:
+ valueType: TIMESTAMP
+ context.time:
+ valueType: TIMESTAMP
+ # Deprecated, kept for compatibility
+ context.reporter.local:
+ valueType: BOOL
+ context.reporter.kind:
+ valueType: STRING
+ context.reporter.uid:
+ valueType: STRING
+ api.service:
+ valueType: STRING
+ api.version:
+ valueType: STRING
+ api.operation:
+ valueType: STRING
+ api.protocol:
+ valueType: STRING
+ request.auth.principal:
+ valueType: STRING
+ request.auth.audiences:
+ valueType: STRING
+ request.auth.presenter:
+ valueType: STRING
+ request.auth.claims:
+ valueType: STRING_MAP
+ request.auth.raw_claims:
+ valueType: STRING
+ request.api_key:
+ valueType: STRING
+
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: attributemanifest
+metadata:
+ name: kubernetes
+ namespace: istio-system
+spec:
+ attributes:
+ source.ip:
+ valueType: IP_ADDRESS
+ source.labels:
+ valueType: STRING_MAP
+ source.metadata:
+ valueType: STRING_MAP
+ source.name:
+ valueType: STRING
+ source.namespace:
+ valueType: STRING
+ source.owner:
+ valueType: STRING
+ source.service: # DEPRECATED
+ valueType: STRING
+ source.serviceAccount:
+ valueType: STRING
+ source.services:
+ valueType: STRING
+ source.workload.uid:
+ valueType: STRING
+ source.workload.name:
+ valueType: STRING
+ source.workload.namespace:
+ valueType: STRING
+ destination.ip:
+ valueType: IP_ADDRESS
+ destination.labels:
+ valueType: STRING_MAP
+ destination.metadata:
+ valueType: STRING_MAP
+ destination.owner:
+ valueType: STRING
+ destination.name:
+ valueType: STRING
+ destination.container.name:
+ valueType: STRING
+ destination.namespace:
+ valueType: STRING
+ destination.service: # DEPRECATED
+ valueType: STRING
+ destination.service.uid:
+ valueType: STRING
+ destination.service.name:
+ valueType: STRING
+ destination.service.namespace:
+ valueType: STRING
+ destination.service.host:
+ valueType: STRING
+ destination.serviceAccount:
+ valueType: STRING
+ destination.workload.uid:
+ valueType: STRING
+ destination.workload.name:
+ valueType: STRING
+ destination.workload.namespace:
+ valueType: STRING
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: stdio
+metadata:
+ name: handler
+ namespace: istio-system
+spec:
+ outputAsJson: true
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: logentry
+metadata:
+ name: accesslog
+ namespace: istio-system
+spec:
+ severity: '"Info"'
+ timestamp: request.time
+ variables:
+ sourceIp: source.ip | ip("0.0.0.0")
+ sourceApp: source.labels["app"] | ""
+ sourcePrincipal: source.principal | ""
+ sourceName: source.name | ""
+ sourceWorkload: source.workload.name | ""
+ sourceNamespace: source.namespace | ""
+ sourceOwner: source.owner | ""
+ destinationApp: destination.labels["app"] | ""
+ destinationIp: destination.ip | ip("0.0.0.0")
+ destinationServiceHost: destination.service.host | ""
+ destinationWorkload: destination.workload.name | ""
+ destinationName: destination.name | ""
+ destinationNamespace: destination.namespace | ""
+ destinationOwner: destination.owner | ""
+ destinationPrincipal: destination.principal | ""
+ apiClaims: request.auth.raw_claims | ""
+ apiKey: request.api_key | request.headers["x-api-key"] | ""
+ protocol: request.scheme | context.protocol | "http"
+ method: request.method | ""
+ url: request.path | ""
+ responseCode: response.code | 0
+ responseSize: response.size | 0
+ requestSize: request.size | 0
+ requestId: request.headers["x-request-id"] | ""
+ clientTraceId: request.headers["x-client-trace-id"] | ""
+ latency: response.duration | "0ms"
+ connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
+ userAgent: request.useragent | ""
+ responseTimestamp: response.time
+ receivedBytes: request.total_size | 0
+ sentBytes: response.total_size | 0
+ referer: request.referer | ""
+ httpAuthority: request.headers[":authority"] | request.host | ""
+ xForwardedFor: request.headers["x-forwarded-for"] | "0.0.0.0"
+ reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
+ monitored_resource_type: '"global"'
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: logentry
+metadata:
+ name: tcpaccesslog
+ namespace: istio-system
+spec:
+ severity: '"Info"'
+ timestamp: context.time | timestamp("2017-01-01T00:00:00Z")
+ variables:
+ connectionEvent: connection.event | ""
+ sourceIp: source.ip | ip("0.0.0.0")
+ sourceApp: source.labels["app"] | ""
+ sourcePrincipal: source.principal | ""
+ sourceName: source.name | ""
+ sourceWorkload: source.workload.name | ""
+ sourceNamespace: source.namespace | ""
+ sourceOwner: source.owner | ""
+ destinationApp: destination.labels["app"] | ""
+ destinationIp: destination.ip | ip("0.0.0.0")
+ destinationServiceHost: destination.service.host | ""
+ destinationWorkload: destination.workload.name | ""
+ destinationName: destination.name | ""
+ destinationNamespace: destination.namespace | ""
+ destinationOwner: destination.owner | ""
+ destinationPrincipal: destination.principal | ""
+ protocol: context.protocol | "tcp"
+ connectionDuration: connection.duration | "0ms"
+ connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
+ receivedBytes: connection.received.bytes | 0
+ sentBytes: connection.sent.bytes | 0
+ totalReceivedBytes: connection.received.bytes_total | 0
+ totalSentBytes: connection.sent.bytes_total | 0
+ reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
+ monitored_resource_type: '"global"'
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: rule
+metadata:
+ name: stdio
+ namespace: istio-system
+spec:
+ match: context.protocol == "http" || context.protocol == "grpc"
+ actions:
+ - handler: handler.stdio
+ instances:
+ - accesslog.logentry
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: rule
+metadata:
+ name: stdiotcp
+ namespace: istio-system
+spec:
+ match: context.protocol == "tcp"
+ actions:
+ - handler: handler.stdio
+ instances:
+ - tcpaccesslog.logentry
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: metric
+metadata:
+ name: requestcount
+ namespace: istio-system
+spec:
+ value: "1"
+ dimensions:
+ reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
+ source_workload: source.workload.name | "unknown"
+ source_workload_namespace: source.workload.namespace | "unknown"
+ source_principal: source.principal | "unknown"
+ source_app: source.labels["app"] | "unknown"
+ source_version: source.labels["version"] | "unknown"
+ destination_workload: destination.workload.name | "unknown"
+ destination_workload_namespace: destination.workload.namespace | "unknown"
+ destination_principal: destination.principal | "unknown"
+ destination_app: destination.labels["app"] | "unknown"
+ destination_version: destination.labels["version"] | "unknown"
+ destination_service: destination.service.host | "unknown"
+ destination_service_name: destination.service.name | "unknown"
+ destination_service_namespace: destination.service.namespace | "unknown"
+ request_protocol: api.protocol | context.protocol | "unknown"
+ response_code: response.code | 200
+ connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
+ monitored_resource_type: '"UNSPECIFIED"'
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: metric
+metadata:
+ name: requestduration
+ namespace: istio-system
+spec:
+ value: response.duration | "0ms"
+ dimensions:
+ reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
+ source_workload: source.workload.name | "unknown"
+ source_workload_namespace: source.workload.namespace | "unknown"
+ source_principal: source.principal | "unknown"
+ source_app: source.labels["app"] | "unknown"
+ source_version: source.labels["version"] | "unknown"
+ destination_workload: destination.workload.name | "unknown"
+ destination_workload_namespace: destination.workload.namespace | "unknown"
+ destination_principal: destination.principal | "unknown"
+ destination_app: destination.labels["app"] | "unknown"
+ destination_version: destination.labels["version"] | "unknown"
+ destination_service: destination.service.host | "unknown"
+ destination_service_name: destination.service.name | "unknown"
+ destination_service_namespace: destination.service.namespace | "unknown"
+ request_protocol: api.protocol | context.protocol | "unknown"
+ response_code: response.code | 200
+ connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
+ monitored_resource_type: '"UNSPECIFIED"'
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: metric
+metadata:
+ name: requestsize
+ namespace: istio-system
+spec:
+ value: request.size | 0
+ dimensions:
+ reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
+ source_workload: source.workload.name | "unknown"
+ source_workload_namespace: source.workload.namespace | "unknown"
+ source_principal: source.principal | "unknown"
+ source_app: source.labels["app"] | "unknown"
+ source_version: source.labels["version"] | "unknown"
+ destination_workload: destination.workload.name | "unknown"
+ destination_workload_namespace: destination.workload.namespace | "unknown"
+ destination_principal: destination.principal | "unknown"
+ destination_app: destination.labels["app"] | "unknown"
+ destination_version: destination.labels["version"] | "unknown"
+ destination_service: destination.service.host | "unknown"
+ destination_service_name: destination.service.name | "unknown"
+ destination_service_namespace: destination.service.namespace | "unknown"
+ request_protocol: api.protocol | context.protocol | "unknown"
+ response_code: response.code | 200
+ connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
+ monitored_resource_type: '"UNSPECIFIED"'
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: metric
+metadata:
+ name: responsesize
+ namespace: istio-system
+spec:
+ value: response.size | 0
+ dimensions:
+ reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
+ source_workload: source.workload.name | "unknown"
+ source_workload_namespace: source.workload.namespace | "unknown"
+ source_principal: source.principal | "unknown"
+ source_app: source.labels["app"] | "unknown"
+ source_version: source.labels["version"] | "unknown"
+ destination_workload: destination.workload.name | "unknown"
+ destination_workload_namespace: destination.workload.namespace | "unknown"
+ destination_principal: destination.principal | "unknown"
+ destination_app: destination.labels["app"] | "unknown"
+ destination_version: destination.labels["version"] | "unknown"
+ destination_service: destination.service.host | "unknown"
+ destination_service_name: destination.service.name | "unknown"
+ destination_service_namespace: destination.service.namespace | "unknown"
+ request_protocol: api.protocol | context.protocol | "unknown"
+ response_code: response.code | 200
+ connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
+ monitored_resource_type: '"UNSPECIFIED"'
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: metric
+metadata:
+ name: tcpbytesent
+ namespace: istio-system
+spec:
+ value: connection.sent.bytes | 0
+ dimensions:
+ reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
+ source_workload: source.workload.name | "unknown"
+ source_workload_namespace: source.workload.namespace | "unknown"
+ source_principal: source.principal | "unknown"
+ source_app: source.labels["app"] | "unknown"
+ source_version: source.labels["version"] | "unknown"
+ destination_workload: destination.workload.name | "unknown"
+ destination_workload_namespace: destination.workload.namespace | "unknown"
+ destination_principal: destination.principal | "unknown"
+ destination_app: destination.labels["app"] | "unknown"
+ destination_version: destination.labels["version"] | "unknown"
+ destination_service: destination.service.name | "unknown"
+ destination_service_name: destination.service.name | "unknown"
+ destination_service_namespace: destination.service.namespace | "unknown"
+ connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
+ monitored_resource_type: '"UNSPECIFIED"'
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: metric
+metadata:
+ name: tcpbytereceived
+ namespace: istio-system
+spec:
+ value: connection.received.bytes | 0
+ dimensions:
+ reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
+ source_workload: source.workload.name | "unknown"
+ source_workload_namespace: source.workload.namespace | "unknown"
+ source_principal: source.principal | "unknown"
+ source_app: source.labels["app"] | "unknown"
+ source_version: source.labels["version"] | "unknown"
+ destination_workload: destination.workload.name | "unknown"
+ destination_workload_namespace: destination.workload.namespace | "unknown"
+ destination_principal: destination.principal | "unknown"
+ destination_app: destination.labels["app"] | "unknown"
+ destination_version: destination.labels["version"] | "unknown"
+ destination_service: destination.service.name | "unknown"
+ destination_service_name: destination.service.name | "unknown"
+ destination_service_namespace: destination.service.namespace | "unknown"
+ connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
+ monitored_resource_type: '"UNSPECIFIED"'
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: prometheus
+metadata:
+ name: handler
+ namespace: istio-system
+spec:
+ metrics:
+ - name: requests_total
+ instance_name: requestcount.metric.istio-system
+ kind: COUNTER
+ label_names:
+ - reporter
+ - source_app
+ - source_principal
+ - source_workload
+ - source_workload_namespace
+ - source_version
+ - destination_app
+ - destination_principal
+ - destination_workload
+ - destination_workload_namespace
+ - destination_version
+ - destination_service
+ - destination_service_name
+ - destination_service_namespace
+ - request_protocol
+ - response_code
+ - connection_security_policy
+ - name: request_duration_seconds
+ instance_name: requestduration.metric.istio-system
+ kind: DISTRIBUTION
+ label_names:
+ - reporter
+ - source_app
+ - source_principal
+ - source_workload
+ - source_workload_namespace
+ - source_version
+ - destination_app
+ - destination_principal
+ - destination_workload
+ - destination_workload_namespace
+ - destination_version
+ - destination_service
+ - destination_service_name
+ - destination_service_namespace
+ - request_protocol
+ - response_code
+ - connection_security_policy
+ buckets:
+ explicit_buckets:
+ bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10]
+ - name: request_bytes
+ instance_name: requestsize.metric.istio-system
+ kind: DISTRIBUTION
+ label_names:
+ - reporter
+ - source_app
+ - source_principal
+ - source_workload
+ - source_workload_namespace
+ - source_version
+ - destination_app
+ - destination_principal
+ - destination_workload
+ - destination_workload_namespace
+ - destination_version
+ - destination_service
+ - destination_service_name
+ - destination_service_namespace
+ - request_protocol
+ - response_code
+ - connection_security_policy
+ buckets:
+ exponentialBuckets:
+ numFiniteBuckets: 8
+ scale: 1
+ growthFactor: 10
+ - name: response_bytes
+ instance_name: responsesize.metric.istio-system
+ kind: DISTRIBUTION
+ label_names:
+ - reporter
+ - source_app
+ - source_principal
+ - source_workload
+ - source_workload_namespace
+ - source_version
+ - destination_app
+ - destination_principal
+ - destination_workload
+ - destination_workload_namespace
+ - destination_version
+ - destination_service
+ - destination_service_name
+ - destination_service_namespace
+ - request_protocol
+ - response_code
+ - connection_security_policy
+ buckets:
+ exponentialBuckets:
+ numFiniteBuckets: 8
+ scale: 1
+ growthFactor: 10
+ - name: tcp_sent_bytes_total
+ instance_name: tcpbytesent.metric.istio-system
+ kind: COUNTER
+ label_names:
+ - reporter
+ - source_app
+ - source_principal
+ - source_workload
+ - source_workload_namespace
+ - source_version
+ - destination_app
+ - destination_principal
+ - destination_workload
+ - destination_workload_namespace
+ - destination_version
+ - destination_service
+ - destination_service_name
+ - destination_service_namespace
+ - connection_security_policy
+ - name: tcp_received_bytes_total
+ instance_name: tcpbytereceived.metric.istio-system
+ kind: COUNTER
+ label_names:
+ - reporter
+ - source_app
+ - source_principal
+ - source_workload
+ - source_workload_namespace
+ - source_version
+ - destination_app
+ - destination_principal
+ - destination_workload
+ - destination_workload_namespace
+ - destination_version
+ - destination_service
+ - destination_service_name
+ - destination_service_namespace
+ - connection_security_policy
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: rule
+metadata:
+ name: promhttp
+ namespace: istio-system
+spec:
+ match: context.protocol == "http" || context.protocol == "grpc"
+ actions:
+ - handler: handler.prometheus
+ instances:
+ - requestcount.metric
+ - requestduration.metric
+ - requestsize.metric
+ - responsesize.metric
+---
+apiVersion: "config.istio.io/v1alpha2"
+kind: rule
+metadata:
+ name: promtcp
+ namespace: istio-system
+spec:
+ match: context.protocol == "tcp"
+ actions:
+ - handler: handler.prometheus
+ instances:
+ - tcpbytesent.metric
+ - tcpbytereceived.metric
+---