Cilium Policy Verdicts
Cilium Policy Verdicts Dashboard
This dashboard provides visibility on Network Policy application in a Cilium cluster.
Requirements
Cilium Version
This dashboard uses the hubble_policy_verdicts_total metrics, which was
introduced in:
- Isovalent Cilium Enterprise 1.12.0
- Cilium OSS 1.13.0
Configuration
The hubble_policy_verdicts_total needs to be enabled in the Cilium metrics.
This can be achieved by using the policy metrics in hubble.metrics.enabled,
for example using Helm values:
hubble:
metrics:
enabled:
- "policy:sourceContext=app|workload-name|pod|reserved-identity;destinationContext=app|workload-name|pod|dns|reserved-identity;labelsContext=source_namespace,destination_namespace"This example will enable policy metrics (you can add more metrics to that list).
Additionally, it will configure the labels for
the policy metric series to use:
app,workload-name,podorreserved-identityfor source flowsapp,workload-name,pod,dns, orreserved-identityfor destination flows- additional
source_namespaceanddestination_namespacelabels
The present Grafana dashboard is optimized for this context configuration (see documentation).
Data source config
Collector type:
Collector plugins:
Collector config:
Dashboard revisions
Upload an updated version of an exported dashboard.json file from Grafana
| Revision | Decscription | Created | |
|---|---|---|---|
| Download |
Sign up for Grafana Cloud
Get up and running in minutes with the Grafana Cloud free tier, which includes free forever 10k metrics, 50GB logs, 50GB traces, 500 VUh, and more.
Get this dashboard
Data source:
Dependencies: