In addition to the ability to configure policies for service mesh, one of the key capabilities needed is the ability to visualize your applications and network traffic flows in a service mesh.
Service Mesh Dashboard provides visibility into your applications and traffic flows running in a service mesh on a given cluster. This dashboard is based on Kiali.
- Validate whether traffic management policies are being applied as envisioned: Service Mesh can be extremely useful for implementing traffic shaping, A/B testing, and more. However, you need the ability to validate these use cases and policies. This can be achieved by using the visibility dashboard.
In the following example, the ingress gateway on the left lets us validate whether the applications can be accessed from outside the cluster. We can also validate traffic shifting by using a display filter to see how much traffic is going to one application versus another.
- Validating mTLS encryption: mTLS encryption is one of the common use cases for Service Mesh. Using the visibility dashboard, you can validate mTLS encryption for your applications.
In the following example, the lock indicates that the traffic is mTLS encrypted.
- Troubleshooting applications: If an application is unable to communicate with the entities it needs to, you can check how the traffic flows are initiated and where the communication is failing. This could include seeing which edges/applications are unhealthy or whether there are any failed requests.
- Data retention to compare and contrast traffic flows across the service mesh: You can go back in time to check how traffic flows looked compared to the present. This is especially useful after application or cluster upgrades.
The following lists the permissions and accessibility for the service mesh visibility dashboard.
| Role | Dashboard Access |
|---|---|
| Org Admin/Org Read-Only | Everything |
| Infra Admin/Infra Read-Only | Cluster-wide view for projects that the user has access to |
| Project Admin/Project Read-Only | Namespaces that the user has access to on a per cluster basis |
| Cluster Admin | Cluster-wide view for projects that the user has access to |
| Cluster Template User | NONE |
| Namespace Admin/Namespace Read-Only | Namespaces that the user has access to on a per cluster basis |
| Workspace Admin | Namespaces that the user has access to on a per cluster basis |
Getting to the Dashboards
- Log in to the controller and click on dashboards.
- Go to Service Mesh
- Use the appropriate filters to filter to the specific project and cluster
- Alternatively, you can access the service mesh dashboard directly from the cluster card.
- Select a set of namespaces, or all namespaces, to start seeing application flows and traffic.
- If no traffic has been flowing in the service mesh, you will see a message about nodes being idle. In this case, you may display idle nodes to see the base application structure.
Navigating the Dashboard
Namespaces are labeled with NS and are the bigger boxes with pods contained in them.
Legend and understanding different icons
At the bottom left, you can click the legend to see what the different icons represent. This is extremely useful when running specific service mesh use cases such as traffic shifting or circuit breaker.
In the following example, the sleep pod represents a traffic source.
You can filter by namespace if you want to see traffic to/from specific namespaces.
Using the traffic filter dropdown on the left, you can do the following:
- Filter different types of traffic, such as gRPC, HTTP, and TCP.
- Show different metrics for traffic across different protocols. For example, for TCP, you can show only received bytes to investigate why a pod is not receiving certain TCP traffic.
NOTE: Once new filter parameters are selected, the graph may take a few seconds to reload.
Using the graph dropdown, you can select different visualization types. The default is app graph. However, you can select across the following types:
- App Graph
- Service Graph
- Versioned App Graph
- Workload Graph
See Kiali's Documentation on Graph Types to learn more.
Using the display dropdown, you can add/remove key components from the visibility dashboard while also viewing different characteristics including:
- Traffic Distribution
- Traffic Rate
In the example below, you can see that using the traffic distribution filter, you can validate traffic shaping/shifting use cases to see how much traffic is going to one application versus another.
This can be extremely useful for validating service reliability across the service mesh, or for testing use cases like traffic shaping, where traffic distribution shows how much traffic is being sent to one part of the service mesh versus another.
Details on Types of traffic
You can click a specific flow in the middle to load the type of traffic the flow is representing. For example, in the picture below, you can see that it is HTTP traffic that is being generated.
Historical Workflows/Data Retention
7 days' worth of historical traffic flows are captured. You can filter traffic for a certain period of time, for example the last 1 minute or the last 1 day.
NOTE: The option for 7 days will not appear unless you have 7 days' worth of traffic.
In addition, using the replay button to the left of the dropdown, you can go back and replay traffic patterns over a period of time. This is extremely useful when debugging applications and seeing at what point things started/stopped working from a network communication/application point of view and why.
Refreshing the screen
At the top right, you can refresh the visibility screens and set how often they should be refreshed. The default is every 15 seconds.
If you want to visualize for a new project/cluster, click the clear button at the top right to reset the project and cluster so that you can select a new one.