Cilium Policy Verdicts
Cilium Policy Verdicts Dashboard
This dashboard provides visibility on Network Policy application in a Cilium cluster.
Requirements
Cilium Version
This dashboard uses the hubble_policy_verdicts_total metrics, which was
introduced in:
- Isovalent Cilium Enterprise 1.12.0
- Cilium OSS 1.13.0
Configuration
The hubble_policy_verdicts_total needs to be enabled in the Cilium metrics.
This can be achieved by using the policy metrics in hubble.metrics.enabled,
for example using Helm values:
hubble:
metrics:
enabled:
- policy:sourceContext=app|workload-name|pod|reserved-identity;destinationContext=app|workload-name|pod|dns|reserved-identity;labelContext=source_namespace;destination_namespace
This example will enable policy metrics (you can add more metrics to that list).
Additionally, it will configure the labels for
the policy metric series to use:
app,workload-name,podorreserved-identityfor source flowsapp,workload-name,pod,dns, orreserved-identityfor destination flows- additional
source_namespaceanddestination_namespacelabels
The present Grafana dashboard is optimized for this context configuration (see documentation).
Dashboard revisions
Upload an updated version of an exported dashboard.json file from Grafana
| Revision | Decscription | Created | |
|---|---|---|---|
| Download |
Get this dashboard
Data source:
Dependencies: