Istio Service Mesh extension

  • Latest Dynatrace
  • Extension
  • Published Oct 27, 2025

Monitor Istio health and performance with Prometheus metrics.

Get Started

Overview

Istio Service Mesh allows you to manage the secure TLS (mTLS) connections between services, which is especially beneficial if your organization uses large-scale applications composed of many microservices.

The extension contains preset dashboards and alert configurations for Istio based on prometheus metrics from Istio components.

Istio metrics give you insights into:

  • Topology.
  • The performance and health of control-plane and data-plane of your Istio mesh.

Use cases

  • Automate discovery and distribute tracing for all Envoy proxies alongside your workloads within your mesh.
  • Assess the health of Istio control plane and data plane (Envoy proxies).
  • Monitor the performance (overhead) of your Istio Service Mesh.
  • Detect Istio specific problems and perform the root cause analysis across complex microservice patterns.
  • Discover and analyze horizontal topology between workloads, pods and services over the mesh.
  • Use dashboards to visualize the status of the service mesh component and performance.

Activation and setup

  1. Enable Prometheus monitoring in Dynatrace. In your Dynatrace environment, go to Kubernetes, edit your Kubernetes cluster settings, and turn on Enable monitoring and Monitor Prometheus exporters. For details, see our official documentation.

  2. Start ingesting Istiod (control plane) metrics. Annotate the Istiod control-plane service to start ingesting metrics exposed by all corresponding pods.

    Use the following command with kubectl connected to the Kubernetes cluster you want to monitor to begin gathering control-plane components from Istiod.

    kubectl annotate --overwrite service istiod -n istio-system \
    metrics.dynatrace.com/port='15014' metrics.dynatrace.com/scrape='true'

  3. Start ingesting Envoy (data plane) metrics. Annotate your services to start ingesting metrics exposed by all corresponding pods. Use the following command with kubectl connected to the Kubernetes cluster you want to monitor to begin gathering Envoy data-plane components from your application pods.

    Adapt the metric keys in the filter as needed if you would like to collect additional metrics. This command will annotate all services in the specified namespace, be sure to modify this command to annotate only certain services.

    kubectl annotate --overwrite service --all -n <your_namespace> \
    metrics.dynatrace.com/port='15020' metrics.dynatrace.com/scrape='true' \
    metrics.dynatrace.com/path="/stats/prometheus" \
    metrics.dynatrace.com/filter='{
        "mode": "include",
        "names": [
          "istio_requests_total",
          "istio_tcp_received_bytes_total",
          "istio_tcp_sent_bytes_total",
          "istio_tcp_connections_closed_total",
          "istio_tcp_connections_opened_total",
          "istio_request_duration_milliseconds",
          "pilot_k8s_cfg_events"
        ]
      }'

    After some minutes, you can verify if everything works as expected by finding Istio and envoy related metrics using Dynatrace metrics browser. The metric keys included in our filter annotation will be the best to look for.

    For troubleshooting and further annotation methods, see Monitor Prometheus metrics in Dynatrace documentation.

  4. Add extension to environment.

    To add this extension to your environment, select Add to environment on the page of this extension in the Dynatrace Hub. After activating the extension, select Dashboards in Dynatrace. You should now find out of the box dashboards for Istio - Control Plane and Istio - Data Plane.

  5. Activate metric events for alerting.

    Additionally, the extension comes with the two pre-configured metric events for alerting. To activate them:

    1. From the Dynatrace navigation menu, select Settings > Anomaly detection > Metric events.

    2. Find the following events

      • Istio - Large number of 500 responses detected: notifies you if more than 10 responses with status code 500 are detected in 3 of any 5 minute period.

      • Istio - Large number of Galley failed validations: notifies you if there are more than 5 failed galley violations detected in 3 of any 5 minute period.

    3. If necessary, select the Edit button to customize the event conditions.

    4. Move the switch next an event to the On position to activate it.

Feature sets

When activating your extension using monitoring configuration, you can limit monitoring to one of the feature sets. To work properly the extension has to collect at least one metric after the activation.

In highly segmented networks, feature sets can reflect the segments of your environment. Then, when you create a monitoring configuration, you can select a feature set and a corresponding ActiveGate group that can connect to this particular segment.

All metrics that aren't categorized into any feature set are considered to be the default and are always reported.

A metric inherits the feature set of a subgroup, which in turn inherits the feature set of a group. Also, the feature set defined on the metric level overrides the feature set defined on the subgroup level, which in turn overrides the feature set defined on the group level.

Hub

Explore in Dynatrace Hub

Monitor Istio health and performance with Prometheus metrics.

Related tags
NetworkService MeshIstioInfrastructure Observability