Prometheus

    In an Istio mesh, each component exposes an endpoint that emits metrics. Prometheus works by scraping these endpoints and collecting the results. This is configured through the Prometheus configuration file which controls settings for which endpoints to query, the port and path to query, TLS settings, and more.

    To gather metrics for the entire mesh, configure Prometheus to scrape:

    1. The control plane ( deployment)
    2. Ingress and Egress gateways
    3. The Envoy sidecar

    To simplify the configuration of metrics, Istio offers two modes of operation.

    The built-in demo installation of Prometheus contains all the required scraping configuration. To deploy this instance of Prometheus, follow the steps in to install Istio and pass --set values.prometheus.enabled=true during installation.

    This built-in deployment of Prometheus is intended for new users to help them quickly getting started. However, it does not offer advanced customization, like persistence or authentication and as such should not be considered production ready. To use an existing Prometheus instance, add the scraping configurations in prometheus/configmap.yaml to your configuration.

    This configuration will add scrape job configurations for the control plane, as well as for all Envoy sidecars. Additionally, a job is configured to scrape application metrics for all pods with relevant prometheus.io annotations:

    • prometheus.io/scrape determines if a pod should be scraped. Set to true to enable scraping.
    • determines the path to scrape metrics at. Defaults to /metrics.
    • prometheus.io/port determines the port to scrape metrics at. Defaults to 80.

    TLS settings

    When using the bundled Prometheus deployment, this is configured by default. For custom Prometheus deployments, please follow Provision a certificate and key for an application without sidecars to provision a certificate for Prometheus, then add the TLS scraping configuration.

    Option 2: Metrics merging

    This option is newly introduced in Istio 1.6 and is considered alpha at this time.

    To simplify configuration, Istio has the ability to control scraping entirely by prometheus.io annotations. This allows Istio scraping to work out of the box with standard configurations such as the ones provided by the Helm charts.

    While prometheus.io annotations are not a core part of Prometheus, they have become the de facto standard to configure scraping.

    To enable this setting, pass --set meshConfig.enablePrometheusMerge=true during . When this setting is enabled, appropriate prometheus.io annotations will be added to all workloads to set up scraping. If these annotations already exists, they will be overwritten. In these case, the Envoy sidecar will merge Istio’s metrics with the application metrics.

    This option exposes all the metrics in plain text.

    • You need to scrape metrics using TLS.
    • Your Prometheus deployment is not configured to scrape based on standard prometheus.io annotations.

    If required, this feature can be disabled per workload by adding a annotation on a pod.

    For larger meshes, advanced configuration might help Prometheus scale. See Using Prometheus for production-scale monitoring for more information.

    Information on how to integrate with Grafana to set up Istio dashboards.

    Remotely Accessing Telemetry Addons

    This task shows you how to configure external access to the set of Istio telemetry addons.

    Information on how to integrate with cert-manager.