hubble icon indicating copy to clipboard operation
hubble copied to clipboard

Published 20 hours ago verified publisher icon cilium

Policy-free L7 visibility

Open tgraf opened this issue 4 years ago • 3 comments

Summary

Simple way of enabling FQDN visibility via a Cilium flag instead of requiring complicated annotations. DNS is standardized in Kubernetes so it is simple to automatically detect all DNS traffic and provide visibility.

tgraf avatar Feb 11 '20 14:02 tgraf

Is this the reason, why I only see data for DNS from the example app, but not for my own (which don't use any policies yet)?

Hades32 avatar Jun 14 '20 15:06 Hades32

Is this the reason, why I only see data for DNS from the example app, but not for my own (which don't use any policies yet)?

Hard to say without more details, but this is likely the cause, yes. In order for Hubble to have visibility into L7 events of a certain pod, you currently either have to apply a DNS policy to your pod (https://docs.cilium.io/en/stable/gettingstarted/dns/), or annotate that pod with a visibility annotation (https://docs.cilium.io/en/stable/policy/visibility/).

gandro avatar Jun 15 '20 09:06 gandro

@tgraf I'm interested in this feature. But I'm pretty new to Cilium and Hubble. Just for me to confirm this is what we need: say I want to have visibility on all the requests (no matter the pod) that go port 12345. This would allow me to do that?

Thanks for your hard work on this featur!

citosid avatar Sep 30 '21 19:09 citosid