Grafana Dashboards

SPIRL can be used with Grafana to visualize operational health of trust domains and clusters using pre-built dashboards. This page describes how to use Grafana with official SPIRL operational dashboard templates.

Preconditions

Component Versions

• SPIRL server image version: At least v0.19.1
• SPIRL server Helm chart version: At least v0.15.0
• SPIRL agent image version: At least v0.16.0
• SPIRL system Helm chart version: At least v0.9.0

Enabled telemetry in SPIRL server and agent

Telemetry must be enabled in the SPIRL server and agent, depending on the dashboard you want to import. Instructions for enabling telemetry can be found in the Metrics Reference section.

Note: Latency panels require the emmitLatencyMetrics configuration to be enabled in the given component

Prometheus scraper configuration

SPIRL Grafana dashboard templates rely on a Prometheus scraper configuration that properly collects metrics from Kubernetes pods. Your Prometheus configuration must include a job for scraping Kubernetes pods, typically structured like this:

- job_name: kubernetes-pods
  honor_labels: true
  honor_timestamps: true
  scrape_interval: 1m
  scrape_timeout: 10s
  metrics_path: /metrics
  scheme: http
  kubernetes_sd_configs:
  - role: pod
  relabel_configs:
  # Additional relabeling rules here

Within the relabeling rules, the most critical requirement is including a rule that extracts the pod name into a pod label:

- source_labels: [__meta_kubernetes_pod_name]
  separator: ;
  target_label: pod
  replacement: $1
  action: replace

This specific relabeling rule is essential because SPIRL dashboard templates contain panels that filter metrics by discovered pods using the pod label. Without this relabeling rule, all panels in the dashboards will not function correctly.

The exact configuration may vary depending on your environment, but both the Kubernetes pods job and the pod name relabeling rule shown above (or equivalent settings) must be included.

Envoy Metrics for Service Mesh Dashboard

The Service Mesh dashboard relies on Envoy SDS metrics. When using Istio, you must configure your Istio installation to expose Envoy proxy metrics related to SDS. This can be done by applying an IstioOperator configuration like the following:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
spec:
  profile: default
  meshConfig:
    defaultConfig:
      proxyStatsMatcher:
        inclusionRegexps:
          - ".*sds.*"

This configuration ensures that Envoy proxies in your Istio service mesh will expose metrics related to SDS, which are required for the Service Mesh dashboard to function properly.

Importing Dashboard Templates

To import our dashboard templates into Grafana, copy the JSON file from the SPIRL dashboards GitHub repository and import them into your Grafana instance. The following dashboard templates are available:

• SPIRL Server Dashboard: spirl-trust-domain-server.json
• SPIRL Agent Dashboard: spirl-agent.json
• Service Mesh Dashboard: service-mesh.json

To import a dashboard:

1. Download the JSON payload for the dashboard you want to import
2. In your Grafana instance, navigate to Dashboards > New -> Import
3. Paste the JSON content in the model input field
4. Click on "Load"
5. Select your Prometheus data source that contains the SPIRL metrics
6. Click on "Import" to finish the import process