Skip to main content

Advisor

Conductor’s Advisor functionality analyzes the Dapr installation on connected clusters and offers tailored insights and recommendations for optimizing Dapr from development to production. Advisor checks are performed periodically on a cluster-wide basis and any checks that fail are surfaced on the Advisor dashboard.

All Advisor recommendations are labeled with a severity of low, medium, or high. In addition, they are grouped into the following categories:

  • Security
  • Reliability
  • Observability
  • Performance (Enterprise-only)

When high-impact advisories are detected that impact a cluster or specific applications within a cluster, they will appear in the Cluster summary view under High-Impact Advisories and will also cause the state of the Insights indicator to become Issues Detected. See clusters and applications for more details.

High-impact advisory detection can also be surfaced up via configuration of advisor rules as explained in notifications.

View Advisories

Advisories can be found by navigating to the Advisor tab within a given cluster connection. The advisories are calculated on a 15-minute interval and displayed in the console grouped by category and severity. Use the Sync Advisories button to manually reconcile the state of advisories on the cluster outside of the rolling 15-minute window.

advisor

Selecting an advisory category will provide the list of active recommendations based on the current state of the cluster and include important information such as:

  • Recommendation details
  • Impacted resources
  • Resolution steps

advisor

Fix advisories

Conductor supports "one-click" mitigations for some advisories. You'll find a button with the text Fix Advisory in the advisories that support being automatically fixed. Using this feature, Conductor will be responsible for performing the appropiate configuration changes in your Dapr control plane in order to address the advisory recommendations.

advisor

Dismiss advisories

Although Conductor's advisories are based industry best practices, not all fit every use case. Conductor offers users the ability to dismiss unapplicable advisories via the Dismiss Advisory action.

Once an advisory is dismissed, it is moved to the Dismissed tab and removed from all other views. However, dismissals can be undone triggering the associated recommendation to become visible again in the overview and respective category tabs.

Advisories reference

Below is a list of all advisories currently available in Conductor.

Security

  • Mutual Authentication (mTLS) not enabled (auto-fixable)
  • Dapr mTLS certificates close to expiration date (auto-fixable)
  • Dapr control plane deployed with runAsNonRoot set to false (auto-fixable)
  • Dapr Component has no scopes defined
  • Component metadata contains sensitive information as plain text
  • App to Dapr API authentication not enabled
  • Dapr to App API authentication not enabled
  • Unsupported Dapr version deployed

Reliability

  • Dapr control plane not deployed with a highly available (HA) configuration (auto-fixable)
  • Dapr operator injector watchdog is disabled (auto-fixable)
  • Sidecar profiling should be disabled
  • App health checks not enabled

Observability

  • JSON-formatted logs not enabled in the Dapr sidecars (auto-fixable)
  • Dapr control plane debug mode should be disabled in production environments (auto-fixable)
  • Dapr control plane log level should not be debug in production environments (auto-fixable)
  • JSON-formatted logs not enabled in Dapr control plane
  • Dapr sidecar log level should not be debug in production environments
  • Dapr sidecar API logging should be disabled in production environments

Performance

  • Dapr sidecar resource requests and limits not set
  • Dapr control plane resource requests and limits not set
  • Application resource settings optimization: Conductor provides resource settings optimization advisories for the top 10 most resource-intensive apps that don't have resource settings specified. Each advisory recommends values for CPU and memory requests as well as memory limits on both your app containers and Dapr sidecars. Conductor uses metrics data from up to the past 15 days to calculate the suggested resource settings going forward.