hubble
hubble copied to clipboard
Policy-free L7 visibility
Summary
Simple way of enabling FQDN visibility via a Cilium flag instead of requiring complicated annotations. DNS is standardized in Kubernetes so it is simple to automatically detect all DNS traffic and provide visibility.
Is this the reason, why I only see data for DNS from the example app, but not for my own (which don't use any policies yet)?
Is this the reason, why I only see data for DNS from the example app, but not for my own (which don't use any policies yet)?
Hard to say without more details, but this is likely the cause, yes. In order for Hubble to have visibility into L7 events of a certain pod, you currently either have to apply a DNS policy to your pod (https://docs.cilium.io/en/stable/gettingstarted/dns/), or annotate that pod with a visibility annotation (https://docs.cilium.io/en/stable/policy/visibility/).
@tgraf I'm interested in this feature. But I'm pretty new to Cilium and Hubble. Just for me to confirm this is what we need: say I want to have visibility on all the requests (no matter the pod) that go port 12345
. This would allow me to do that?
Thanks for your hard work on this featur!