Hubble – Network/Service/Security Observability for Kubernetes

Hubble is a fully distributed networking and security observability platform for cloud-native workloads. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner.

Hubble can answer questions such as:

Service dependencies & communication map:

  • What services are communicating with each other? How frequently? What does the service dependency graph look like?
  • What HTTP calls are being made? What Kafka topics does a service consume from or produce to?

Operational monitoring & alerting:

  • Is any network communication failing? Why is communication failing? Is it DNS? Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)?
  • Which services have experienced DNS resolution problems in the last 5 minutes? Which services have experienced an interrupted TCP connection recently or have seen connections timing out? What is the rate of unanswered TCP SYN requests?

Application monitoring:

  • What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters?
  • What is the 95th and 99th percentile latency between HTTP requests and responses in my cluster? Which services are performing the worst? What is the latency between two services?

Security observability:

  • Which services had connections blocked due to network policy? What services have been accessed from outside the cluster? Which services have resolved a particular DNS name?

Why Hubble?

The Linux kernel technology eBPF is enabling visibility into systems and applications at a granularity and efficiency that was not possible before. It does so in a completely transparent way, without requiring the application to change or to hide information. By building on top of Cilium, Hubble can leverage eBPF for visibility. Because the visibility is built on eBPF, all of it is programmable, which allows for a dynamic approach that minimizes overhead while providing deep and detailed insight where required.

Architecture

Changelog v0.11.4

Misc. Changes:

  • [v0.11] ci: Bump actions/checkout from 3.3.0 to 3.4.0 (#947, @dependabot[bot])
  • [v0.11] ci: Bump actions/checkout from 3.4.0 to 3.5.0 (#961, @dependabot[bot])
  • [v0.11] ci: Bump actions/checkout from 3.5.0 to 3.5.1 (#989, @dependabot[bot])
  • [v0.11] ci: Bump actions/checkout from 3.5.1 to 3.5.2 (#992, @dependabot[bot])
  • [v0.11] ci: Bump actions/setup-go from 3.5.0 to 4.0.0 (#946, @dependabot[bot])
  • [v0.11] ci: Bump github/codeql-action from 2.2.11 to 2.2.12 (#993, @dependabot[bot])
  • [v0.11] ci: Bump github/codeql-action from 2.2.12 to 2.3.0 (#998, @dependabot[bot])
  • [v0.11] ci: Bump github/codeql-action from 2.2.6 to 2.2.7 (#948, @dependabot[bot])
  • [v0.11] ci: Bump github/codeql-action from 2.2.7 to 2.2.8 (#955, @dependabot[bot])
  • [v0.11] ci: Bump github/codeql-action from 2.2.8 to 2.2.9 (#964, @dependabot[bot])
  • [v0.11] ci: Bump github/codeql-action from 2.2.9 to 2.2.11 (#985, @dependabot[bot])
  • [v0.11] docker file: Bump library/alpine from 3.17.2 to 3.17.3 (#969, @dependabot[bot])
  • [v0.11] docker file: Bump library/golang from 1.19.7-alpine3.17 to 1.19.8-alpine3.17 (#980, @dependabot[bot])
  • [v0.11] docker file: Bump library/golang from 30630b1 to 31f980a (#970, @dependabot[bot])
  • [v0.11] docker file: Bump library/golang from 31f980a to 04065e6 (#974, @dependabot[bot])
  • [v0.11] docker file: Bump library/golang from 8b660f4 to 30630b1 (#965, @dependabot[bot])
  • v0.11/vendor: bump cilium to v1.13.1 (#975, @rolinh)
  • v0.11: bump Cilium to v1.13.2, update deps to their latest patch release (#999, @rolinh)

Install & Use