Advisor
Conductor’s Advisor functionality analyzes the Dapr installation on connected clusters and offers tailored insights and recommendations for optimizing Dapr from development to production. Advisor checks are performed periodically on a cluster-wide basis and any checks that fail are surfaced on the Advisor dashboard.
All Advisor recommendations are labeled with a severity of low, medium, or high. In addition, they are grouped into the following categories:
- Security
- Reliability
- Observability
- Performance (Enterprise-only)
When high-impact advisories are detected that impact a cluster or specific applications within a cluster, they will appear in the Cluster summary
view under High-Impact Advisories
and will also cause the state of the Insights
indicator to become Issues Detected
. See clusters and applications for more details.
High-impact advisory detection can also be surfaced up via configuration of advisor rules as explained in notifications.
View Advisories
Advisories can be found by navigating to the Advisor
tab within a given cluster connection. The advisories are calculated on a 15-minute interval and displayed in the console grouped by category and severity. Use the Sync Advisories
button to manually reconcile the state of advisories on the cluster outside of the rolling 15-minute window.
Selecting an advisory category will provide the list of active recommendations based on the current state of the cluster and include important information such as:
- Recommendation details
- Impacted resources
- Resolution steps
Fix advisories
Conductor supports "one-click" mitigations for some advisories. You'll find a button with the text Fix Advisory
in the advisories that support being automatically fixed. Using this feature, Conductor will be responsible for performing the appropiate configuration changes in your Dapr control plane in order to address the advisory recommendations.
Dismiss advisories
Although Conductor's advisories are based industry best practices, not all fit every use case. Conductor offers users the ability to dismiss unapplicable advisories via the Dismiss Advisory
action.
Once an advisory is dismissed, it is moved to the Dismissed
tab and removed from all other views. However, dismissals can be undone triggering the associated recommendation to become visible again in the overview and respective category tabs.
Advisories reference
Below is a list of all advisories currently available in Conductor.
- Enterprise
- Free
Security
- Mutual Authentication (mTLS) not enabled (auto-fixable)
- Dapr mTLS certificates close to expiration date (auto-fixable)
- Dapr control plane deployed with runAsNonRoot set to
false
(auto-fixable) - Dapr Component has no scopes defined
- Component metadata contains sensitive information as plain text
- App to Dapr API authentication not enabled
- Dapr to App API authentication not enabled
- Unsupported Dapr version deployed
Reliability
- Dapr control plane not deployed with a highly available (HA) configuration (auto-fixable)
- Dapr operator injector watchdog is disabled (auto-fixable)
- Sidecar profiling should be disabled
- App health checks not enabled
Observability
- JSON-formatted logs not enabled in the Dapr sidecars (auto-fixable)
- Dapr control plane debug mode should be disabled in production environments (auto-fixable)
- Dapr control plane log level should not be debug in production environments (auto-fixable)
- JSON-formatted logs not enabled in Dapr control plane
- Dapr sidecar log level should not be debug in production environments
- Dapr sidecar API logging should be disabled in production environments
Performance
- Dapr sidecar resource requests and limits not set
- Dapr control plane resource requests and limits not set
- Application resource settings optimization: Conductor provides resource settings optimization advisories for the top 10 most resource-intensive apps that don't have resource settings specified. Each advisory recommends values for CPU and memory requests as well as memory limits on both your app containers and Dapr sidecars. Conductor uses metrics data from up to the past 15 days to calculate the suggested resource settings going forward.
Security
- Component metadata contains sensitive information as plain text
- Dapr Component has no scopes defined
- App to Dapr API authentication not enabled
- Dapr to App API authentication not enabled
- Unsupported Dapr version deployed
Reliability
- App health checks not enabled
Observability
- JSON-formatted logs not enabled in the Dapr sidecars (auto-fixable)
- JSON-formatted logs not enabled in Dapr control plane