Hubble - Network, Service & Security Observability for Kubernetes using eBPF

Overview

Hubble logo

Network, Service & Security Observability for Kubernetes

What is Hubble?

Hubble is a fully distributed networking and security observability platform for cloud native workloads. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner.

Hubble can answer questions such as:

Service dependencies & communication map:

  • What services are communicating with each other? How frequently? What does the service dependency graph look like?
  • What HTTP calls are being made? What Kafka topics does a service consume from or produce to?

Operational monitoring & alerting:

  • Is any network communication failing? Why is communication failing? Is it DNS? Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)?
  • Which services have experienced a DNS resolution problems in the last 5 minutes? Which services have experienced an interrupted TCP connection recently or have seen connections timing out? What is the rate of unanswered TCP SYN requests?

Application monitoring:

  • What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters?
  • What is the 95th and 99th percentile latency between HTTP requests and responses in my cluster? Which services are performing the worst? What is the latency between two services?

Security observability:

  • Which services had connections blocked due to network policy? What services have been accessed from outside the cluster? Which services have resolved a particular DNS name?

Why Hubble?

The Linux kernel technology eBPF is enabling visibility into systems and applications at a granularity and efficiency that was not possible before. It does so in a completely transparent way, without requiring the application to change or for the application to hide information. By building on top of Cilium, Hubble can leverage eBPF for visibility. By leveraging on eBPF, all visibility is programmable and allows for a dynamic approach that minimizes overhead while providing deep and detailed insight where required. Hubble has been created and specifically designed to make best use of these new eBPF powers.

Releases

Version Release Date Supported Cilium Version Artifacts
v0.7 2020-10-22 (v0.7.1) Cilium 1.9, Cilium 1.8 GitHub Release
v0.6 2020-05-29 (v0.6.1) Cilium 1.8 GitHub Release
v0.5 2020-07-28 (v0.5.2) Cilium 1.7 GitHub Release

Component Stability

Hubble project consists of several components (see Architecture section).

While the core Hubble components have been running in production in multiple environments, new components continue to emerge as the project grows and expands in scope.

Some components, due to their relatively young age, are still considered beta and have to be used with caution in critical production workloads.

Component Area State
Hubble CLI Core Stable
Hubble Server Core Stable
Hubble Metrics Core Stable
Hubble Relay Multinode Stable
Hubble UI UI Beta

Architecture

Hubble Architecture

Getting Started

Features

Service Dependency Graph

Troubleshooting microservices application connectivity is a challenging task. Simply looking at "kubectl get pods" does not indicate dependencies between each service or external APIs or databases.

Hubble enables zero-effort automatic discovery of the service dependency graph for Kubernetes Clusters at L3/L4 and even L7, allowing user-friendly visualization and filtering of those dataflows as a Service Map.

See Hubble Service Map Tutorial for more examples.

Service Map

Metrics & Monitoring

The metrics and monitoring functionality provides an overview of the state of systems and allow to recognize patterns indicating failure and other scenarios that require action. The following is a short list of example metrics, for a more detailed list of examples, see the Metrics Documentation.

Networking Behavior

Networking

Network Policy Observation

Network Policy

HTTP Request/Response Rate & Latency

HTTP

DNS Request/Response Monitoring

DNS

Flow Visibility

Flow visibility provides visibility into flow information on the network and application protocol level. This enables visibility into individual TCP connections, DNS queries, HTTP requests, Kafka communication, and much more.

DNS Resolution

Identifying pods which have received DNS response indicating failure:

hubble observe --since=1m -t l7 -j \
   | jq 'select(.l7.dns.rcode==3) | .destination.namespace + "/" + .destination.pod_name' \
   | sort | uniq -c | sort -r
  42 "starwars/jar-jar-binks-6f5847c97c-qmggv"

Successful query & response:

starwars/x-wing-bd86d75c5-njv8k            kube-system/coredns-5c98db65d4-twwdg      DNS Query deathstar.starwars.svc.cluster.local. A
kube-system/coredns-5c98db65d4-twwdg       starwars/x-wing-bd86d75c5-njv8k           DNS Answer "10.110.126.213" TTL: 3 (Query deathstar.starwars.svc.cluster.local. A)

Non-existent domain:

starwars/jar-jar-binks-789c4b695d-ltrzm    kube-system/coredns-5c98db65d4-f4m8n      DNS Query unknown-galaxy.svc.cluster.local. A
starwars/jar-jar-binks-789c4b695d-ltrzm    kube-system/coredns-5c98db65d4-f4m8n      DNS Query unknown-galaxy.svc.cluster.local. AAAA
kube-system/coredns-5c98db65d4-twwdg       starwars/jar-jar-binks-789c4b695d-ltrzm   DNS Answer RCode: Non-Existent Domain TTL: 4294967295 (Query unknown-galaxy.starwars.svc.cluster.local. A)
kube-system/coredns-5c98db65d4-twwdg       starwars/jar-jar-binks-789c4b695d-ltrzm   DNS Answer RCode: Non-Existent Domain TTL: 4294967295 (Query unknown-galaxy.starwars.svc.cluster.local. AAAA)

HTTP Protocol

Successful request & response with latency information:

starwars/x-wing-bd86d75c5-njv8k:53410      starwars/deathstar-695d8f7ddc-lvj84:80    HTTP/1.1 GET http://deathstar/
starwars/deathstar-695d8f7ddc-lvj84:80     starwars/x-wing-bd86d75c5-njv8k:53410     HTTP/1.1 200 1ms (GET http://deathstar/)

TCP/UDP Packets

Successful TCP connection:

starwars/x-wing-bd86d75c5-njv8k:53410      starwars/deathstar-695d8f7ddc-lvj84:80    TCP Flags: SYN
deathstar.starwars.svc.cluster.local:80    starwars/x-wing-bd86d75c5-njv8k:53410     TCP Flags: SYN, ACK
starwars/x-wing-bd86d75c5-njv8k:53410      starwars/deathstar-695d8f7ddc-lvj84:80    TCP Flags: ACK, FIN
deathstar.starwars.svc.cluster.local:80    starwars/x-wing-bd86d75c5-njv8k:53410     TCP Flags: ACK, FIN

Connection timeout:

starwars/r2d2-6694d57947-xwhtz:60948   deathstar.starwars.svc.cluster.local:8080     TCP Flags: SYN
starwars/r2d2-6694d57947-xwhtz:60948   deathstar.starwars.svc.cluster.local:8080     TCP Flags: SYN
starwars/r2d2-6694d57947-xwhtz:60948   deathstar.starwars.svc.cluster.local:8080     TCP Flags: SYN

Network Policy Behavior

Denied connection attempt:

starwars/enterprise-5775b56c4b-thtwl:37800   starwars/deathstar-695d8f7ddc-lvj84:80(http)   Policy denied (L3)   TCP Flags: SYN
starwars/enterprise-5775b56c4b-thtwl:37800   starwars/deathstar-695d8f7ddc-lvj84:80(http)   Policy denied (L3)   TCP Flags: SYN
starwars/enterprise-5775b56c4b-thtwl:37800   starwars/deathstar-695d8f7ddc-lvj84:80(http)   Policy denied (L3)   TCP Flags: SYN

Community

Join the Cilium Slack #hubble channel to chat with Cilium Hubble developers and other Cilium / Hubble users. This is a good place to learn about Hubble and Cilium, ask questions, and share your experiences.

Learn more about Cilium.

Authors

Hubble is an open source project licensed under the Apache License. Everybody is welcome to contribute. The project is following the Governance Rules of the Cilium project. See CONTRIBUTING for instructions on how to contribute and details of the Code of Conduct.

Issues
  • Unable to load UI. `Error: getaddrinfo EAI_AGAIN`

    Unable to load UI. `Error: getaddrinfo EAI_AGAIN`

    When I port-forward the hubble-ui service and try to load the UI in a browser, the following happens:

    • the web page remains stuck on the "The application is loading, please wait..." page.
    • the logs of the hubble-ui pod show the following message:
    {
      "name": "frontend",
      "hostname": "hubble-ui-79b6c7c67-z4bs5",
      "pid": 19,
      "req_id": "101ee530-14a9-4580-868a-66fed7c6fd49",
      "user": "[email protected]",
      "level": 50,
      "err": {
        "message": "Can't fetch namespaces via k8s api: Error: getaddrinfo EAI_AGAIN $ENTER_AKS_CLUSTER_DOMAIN_NAME",
        "locations": [
          {
            "line": 4,
            "column": 7
          }
        ],
        "path": [
          "viewer",
          "clusters"
        ],
        "extensions": {
          "code": "INTERNAL_SERVER_ERROR"
        }
      },
      "msg": "",
      "time": "2020-03-08T18:09:56.167Z",
      "v": 0
    }
    
    ๐Ÿ–ฅ area/ui 
    opened by uipo78 37
  • Install Hubble from installation guide failing

    Install Hubble from installation guide failing

    Hi, when trying to follow the instructions that appears in this site: https://github.com/cilium/hubble/blob/master/Documentation/installation.md once you reach to hubble and try to run this cmd:

    helm template hubble \
        --namespace kube-system \
        --set metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,http}" \
        > hubble.yaml
    

    you will fail on :

    Error: rendering template failed: runtime error: invalid memory address or nil pointer dereference
    

    tried to install also without any metrics and also not working , it looks like the template that exist here not working . can you please update the guidelines if any thing is expected?

    opened by amitrintzler 15
  • Flows don't show up on GKE

    Flows don't show up on GKE

    Flows and arrows are not visible in Hubble UI. Yet flows for "hubble" namespace are visible. Running in GKE.

    Running procedure:

    helm template cilium \
      --namespace cilium \
      --set global.nodeinit.enabled=true \
      --set nodeinit.reconfigureKubelet=true \
      --set nodeinit.removeCbrBridge=true \
      --set global.cni.binPath=/home/kubernetes/bin \
      --set global.tag=v1.7.0-rc1 \
      > cilium.yaml
    
    helm template hubble \
        --namespace hubble \
        --set metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,http}" \
        --set ui.enabled=true \
        > hubble.yaml
    

    I can confirm that flows are visible in "cilium monitor", "hubble observe", and "kubectl get cep".

    ๐Ÿ› kind/bug 
    opened by rubenhak 10
  • OpenTelemetry Support

    OpenTelemetry Support

    Dear Hubble Community,

    We are currently migrating to Cilium as our networking solution and are very excited to use Hubble for observability.

    However, we miss one thing to be happy โ€“ OpenTelemetry (OpenTracing) support. I can see it was mentioned in the roadmap around Cilium 1.0 release:

    h3. The Roadmap Ahead Integration with OpenTracing, Jaeger, and Zipkin: The minimal overhead of BPF makes it the ideal technology to provide tracing and telemetry functionality without imposing additional system load.

    However, I haven't found any code/issues connected to it. I thought that might be Cilium Go Extensions is the right place to implement it. Then I checked Hubble, and it looks like all the data required is in place. I can potentially contribute to it if you give some guidance if Hubble Relay the right place for it.

    ๐ŸŒŸ kind/feature 
    opened by trnl 9
  • network: unable to connect to Cilium daemon

    network: unable to connect to Cilium daemon

    I would like to ask how to clean up the cilium environment

    I follow the official documentation

    # install
    kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/v1.7.0/install/kubernetes/quick-install.yaml
    
    # delete
    kubectl delete -f https://raw.githubusercontent.com/cilium/cilium/v1.7.0/install/kubernetes/quick-install.yaml
    

    After that, I found that all my pods cannot be created properly. about cilium crd,I have deleted. Do i need to delete anything๏ผŸ

    Error message

    # kubectl get pod  | grep httpd
    httpd-596db6fdc4-4r22k                                 0/1     ContainerCreating   0          15m
    httpd-596db6fdc4-5xldk                                 0/1     ContainerCreating   0          15m
    
    # kubectl describe pod
    Events:
      Type     Reason                  Age    From                             Message
      ----     ------                  ----   ----                             -------
      Normal   Scheduled               10m    default-scheduler                Successfully assigned default/httpd-596db6fdc4-5xldk to node001
      Warning  FailedCreatePodSandBox  9m17s  kubelet, node001  Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "ffcd455f1ab5483a17f87cdad35beaea980e61317dbe35b788cac7953e72c95f" network for pod "httpd-596db6fdc4-5xldk": NetworkPlugin cni failed to set up pod "httpd-596db6fdc4-5xldk_default" network: unable to connect to Cilium daemon: failed to create cilium agent client after 30.000000 seconds timeout: Get http:///var/run/cilium/cilium.sock/v1/config: dial unix /var/run/cilium/cilium.sock: connect: no such file or directory
    Is the agent running?
    
    opened by llussy 9
  • Verdict events doubling

    Verdict events doubling

    Dear Hubble community,

    While logging traffic with Hubble:

    hubble observe -f --server hubble-relay:80 -o json --tcp-flags ACK --not --tcp-flags SYN
    

    Getting most events doubled in output: They have only difference in logging timestamp, ex:

    {"time":"2021-10-18T11:30:20.830417817Z","verdict":"FORWARDED","ethernet":{"source":"66:54:11:3e:bd:de","destination":"12:7a:c7:e0:b1:28"},"IP":{"source":"10.0.2.75","destination":"10.45.80.193","ipVersion":"IPv4"},"l4":{"TCP":{"source_port":49488,"destination_port":6443,"flags":{"ACK":true}}},"source":{"ID":140,"identity":6013,"namespace":"ingress-nginx","labels":["k8s:app.kubernetes.io/component=controller","k8s:app.kubernetes.io/instance=ingress-nginx","k8s:app.kubernetes.io/name=ingress-nginx","k8s:io.cilium.k8s.namespace.labels.field.cattle.io/projectId=p-8xjww","k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx","k8s:io.cilium.k8s.policy.cluster=default","k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx","k8s:io.kubernetes.pod.namespace=ingress-nginx"],"pod_name":"ingress-nginx-controller-db9d9c7f4-gjllb"},"destination":{"identity":6,"labels":["reserved:remote-node"]},"Type":"L3_L4","node_name":"dev-wg-app1","event_type":{"type":4,"sub_type":3},"traffic_direction":"EGRESS","trace_observation_point":"TO_STACK","is_reply":false,"Summary":"TCP Flags: ACK"}
    {"time":"2021-10-18T11:30:26.853421611Z","verdict":"FORWARDED","ethernet":{"source":"66:54:11:3e:bd:de","destination":"12:7a:c7:e0:b1:28"},"IP":{"source":"10.0.2.75","destination":"10.45.80.193","ipVersion":"IPv4"},"l4":{"TCP":{"source_port":49488,"destination_port":6443,"flags":{"ACK":true}}},"source":{"ID":140,"identity":6013,"namespace":"ingress-nginx","labels":["k8s:app.kubernetes.io/component=controller","k8s:app.kubernetes.io/instance=ingress-nginx","k8s:app.kubernetes.io/name=ingress-nginx","k8s:io.cilium.k8s.namespace.labels.field.cattle.io/projectId=p-8xjww","k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx","k8s:io.cilium.k8s.policy.cluster=default","k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx","k8s:io.kubernetes.pod.namespace=ingress-nginx"],"pod_name":"ingress-nginx-controller-db9d9c7f4-gjllb"},"destination":{"identity":6,"labels":["reserved:remote-node"]},"Type":"L3_L4","node_name":"dev-wg-app1","event_type":{"type":4,"sub_type":3},"traffic_direction":"EGRESS","trace_observation_point":"TO_STACK","is_reply":false,"Summary":"TCP Flags: ACK"}
    

    How this could be explained and avoided? Thanks!

    ๐Ÿ“ฌ kind/question 
    opened by voatsap 8
  • cmd/node: Refactor & Test output methods

    cmd/node: Refactor & Test output methods

    This PR aims to achieve the following:

    • [x] Refactor, where applicable, to test output functions.
    • [x] Add table driven inputs for invoking certain output functionality.

    Signed-off-by: Simarpreet Singh [email protected]

    ๐Ÿค– area/CI release-note/misc ready-to-merge 
    opened by simar7 8
  • Remove contrib/scripts/release.sh

    Remove contrib/scripts/release.sh

    Rename the current release make target to local-release, and update the release target to generate release artifacts from inside Docker.

    Signed-off-by: Michi Mutsuzaki [email protected]

    opened by michi-covalent 8
  • Hubble UI cannot render due to Error: unable to get issuer certificate

    Hubble UI cannot render due to Error: unable to get issuer certificate

    Screen Shot 2020-02-21 at 10 04 54 AM

    We cannot render the hubble-ui due to this below error message:

    "message":"Can't fetch namespaces via k8s api: Error: unable to get issuer certificate","locations":[{"line":4,"column":7}],"path":["viewer","clusters"],"extensions":{"code":"INTERNAL_SERVER_ERROR"}}
    

    { name: 'inCluster', caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', server: 'https://10.110.121.43:443', skipTLSVerify: false }

    ๐Ÿ–ฅ area/ui 
    opened by CH-anhngo 8
  • Starting in Rancher, Can't start Cilium-Agent

    Starting in Rancher, Can't start Cilium-Agent

    I use the instructions listed in the Installation.md trying to start Hubble (but get stuck on Cilium), and the Cilium deployment gives the following error in the container logs:

    level=error msg="Error while initializing daemon" error="exit status 2" subsys=daemon
    level=fatal msg="Error while creating daemon" error="exit status 2" subsys=daemon
    

    There is a warning message in the logs just before that:

    level=error msg="Command execution failed" cmd="[/var/lib/cilium/bpf/init.sh /var/lib/cilium/bpf /var/run/cilium/state 10.42.0.113 <nil> vxlan    1500 false false  false false /var/run/cilium/cgroupv2 /run/cilium/bpffs ]" error="exit status 2" subsys=datapath-loader
    level=warning msg="+ set -o pipefail" subsys=datapath-loader
    level=warning msg="++ command -v cilium" subsys=datapath-loader
    level=warning msg="+ [[ ! -n /usr/bin/cilium ]]" subsys=datapath-loader
    level=warning msg="+ rm /var/run/cilium/state/encap.state" subsys=datapath-loader
    level=warning msg="+ true" subsys=datapath-loader
    ... [snipped for brevity]
    

    This is while running a Rancher 2.3.1 + Kubernetes 1.15.6 cluster with a single master. I ran all the commands (with kubectl) outside of Rancher as if it were a normal k8s cluster.

    The Rancher UI shows this message: CrashLoopBackOff: Back-off 5m0s restarting failed container=cilium-agent pod=cilium-hjw65_kube-system(e721fdfd-966f-49a7-b996-c3f3e84f275c)

    Note: I'm somewhat new to Kubernetes in general, so if I'm missing something I apologize in advance.

    ๐Ÿ“ฌ kind/question area/cilium 
    opened by Vacant0mens 8
  • `hubble observe --json` does not print json

    `hubble observe --json` does not print json

    The command hubble observe --json --last 1000 --follow --namespace default does not print json. It does print a warning that --json flag has been deprecated but the behavior is not the expected one. If a flag is deprecated the behavior should be kept until the flag is removed.

    Flag --json has been deprecated, use '--output json' instead
    Aug  7 23:29:01.675: default/client-f4dd54c78-k8bz8:53030 -> default/server-778bd884d6-5qrbj:8080 to-endpoint FORWARDED (TCP Flags: ACK, PSH)
    Aug  7 23:29:01.676: default/client-f4dd54c78-k8bz8:53030 <- default/server-778bd884d6-5qrbj:80 to-endpoint FORWARDED (TCP Flags: ACK, PSH)
    
    hubble --version
    hubble v0.8.0
    
    ๐Ÿ› kind/bug 
    opened by aanm 7
  • hubble status reports Max Flows 0/0 and Unavailable Nodes

    hubble status reports Max Flows 0/0 and Unavailable Nodes

    Trying to enable hubble ui in a cluster where cilium was installed with helm:

    cilium hubble enable --ui --create-ca --relay-version v1.10.3
    

    (The --relay-version is a workaround for https://github.com/cilium/cilium-cli/issues/456)

    After port-forward, hubble status reports Max Flows 0/0 and all Nodes Unavailable even though running cilium status in each cilium pod shows Max Flows 4095/4095.

    No known workaround.

    Is this another case of cilium-cli being incompatible with a helm-installed Cilium? We wouldn't have to blaze that trail if cilium-cli were able to install Cilium chained to eks-vpc-cni.

    ๐Ÿ“ฌ kind/question ๐Ÿ“Š kind/community-report area/cilium 
    opened by joebowbeerxealth 33
  • Apllying http-visibility breaks OAuth requests

    Apllying http-visibility breaks OAuth requests

    Hello, after applying http-visibility

    
    apiVersion: cilium.io/v2
    kind: CiliumNetworkPolicy
    metadata:
      name: http-visibility
    spec:
      endpointSelector:
        matchLabels: {}
      ingress:
        - fromEntities:
            - all
          toPorts:
            - ports:
                - port: "80"
                  protocol: TCP
              rules:
                http:
                  - {}
        - fromEntities:
            - all
    

    as described in docs makes my services return 401 responses after authorization.

    How can I check envoy doesn't trim Authorization headers or Cookies.

    NOTE: If I remove the policy everything works as expected.

    Any help is appreciated.

    ๐Ÿ› kind/bug ๐Ÿ“Š kind/community-report โ‰ needs/triage 
    opened by pandarun 2
  • Add `hubble observe flows` as alias for `hubble observe`

    Add `hubble observe flows` as alias for `hubble observe`

    As we start to introduce additional types of events in Hubble besides flows, we need to distinguish between the different types of events which are being observed. While we want to keep hubble observe for compatibility reasons, we can make it consistent with the newly added debug and agent events by adding a hubble observe flows alias:

    https://github.com/cilium/hubble/pull/537#issuecomment-830422131

    kind/enhancement โŒจ๏ธ area/cli 
    opened by gandro 0
  • hubble observe doesn't support `--until` without `--since`

    hubble observe doesn't support `--until` without `--since`

    right now --until flag seems to get ignored if --since is not specified. i was expecting --since to get set to zero if only --until flag is specified ๐Ÿค”

    slack discussion: https://cilium.slack.com/archives/CQRL1EPAA/p1616170452006600

    ๐Ÿ‘ good-first-issue โŒจ๏ธ area/cli 
    opened by michi-covalent 0
  • Improve CLI usability around ringbuffer limits

    Improve CLI usability around ringbuffer limits

    Some example usage of hubble:

    I want to find out if any apps are reaching out to 8.8.8.8:

    # hubble observe --to-ip=8.8.8.8
    requested data has been overwritten and is no longer available
    

    I'm not sure how many flows are kept in the ringbuffer or the timeline that represents, so I tried listing the last 30m:

    # hubble observe --namespace default -o json --since=30m
    requested data has been overwritten and is no longer available
    

    These seem to be both derived from the error in the hubble server side around attempting to list more flows than the current ringbuffer contents. But as a user, I don't know or necessarily care about the ringbuffer size, I just want to query these flows and get whatever information is available.

    Furthermore, the error itself is pretty generic, so I know I am doing something wrong but it's unclear what I should try next. I was informed there is also --all CLI in the latest version (not yet available in Cilium containers) and I can do some analysis of hubble status to figure out how many flows are likely to be present, but this will not catch all cases and these are very complicated mitigations if I want to just try to find as much information as is available in Hubble.

    If the response from the Hubble server was clearly "Here are the N flows out of M" or "From the last N minutes (since timestamp X), I found these relevant flows" then this would help to provide the context around whether the flows are likely to include the information I'm looking for or not.

    opened by joestringer 1
  • Add functionality to trace API calls

    Add functionality to trace API calls

    To aid in debugging (but also learnability regarding the Hubble API), it would be nice to have a flag/mode for the CLI to track the API calls emitted by the CLI in a given run.

    Example of a similar feature from kubectl:

    $ kubectl --v=8 get pods -n kube-system
    I1210 16:43:37.292636    9562 loader.go:379] Config loaded from file:  /home/vagrant/.kube/config
    I1210 16:43:37.310335    9562 round_trippers.go:422] GET https://192.168.33.11:6443/api/v1/namespaces/kube-system/pods?limit=500
    I1210 16:43:37.310379    9562 round_trippers.go:429] Request Headers:
    I1210 16:43:37.310385    9562 round_trippers.go:433]     Accept: application/json;as=Table;v=v1;g=meta.k8s.io,application/json;as=Table;v=v1beta1;g=meta.k8s.io,application/json
    I1210 16:43:37.310390    9562 round_trippers.go:433]     User-Agent: kubectl/v1.20.0 (linux/amd64) kubernetes/3321f00
    I1210 16:43:37.345064    9562 round_trippers.go:448] Response Status: 200 OK in 34 milliseconds
    I1210 16:43:37.345093    9562 round_trippers.go:451] Response Headers:
    I1210 16:43:37.345102    9562 round_trippers.go:454]     Cache-Control: no-cache, private
    I1210 16:43:37.345259    9562 round_trippers.go:454]     Content-Type: application/json
    I1210 16:43:37.345635    9562 round_trippers.go:454]     X-Kubernetes-Pf-Flowschema-Uid: fba42907-d6e4-4b79-b35a-5964a353086d
    I1210 16:43:37.346165    9562 round_trippers.go:454]     X-Kubernetes-Pf-Prioritylevel-Uid: a4104551-f5eb-4385-b6e5-696678b32669
    I1210 16:43:37.346185    9562 round_trippers.go:454]     Date: Thu, 10 Dec 2020 16:43:37 GMT
    I1210 16:43:37.353313    9562 request.go:1107] Response Body: {"kind":"Table","apiVersion":"meta.k8s.io/v1","metadata":{"resourceVersion":"110001"},"columnDefinitions":[{"name":"Name","type":"string","format":"name","description":"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names","priority":0},{"name":"Ready","type":"string","format":"","description":"The aggregate readiness state of this pod for accepting traffic.","priority":0},{"name":"Status","type":"string","format":"","description":"The aggregate status of the containers in this pod.","priority":0},{"name":"Restarts","type":"integer","format":"","description":"The number of times the containers in this pod have been restarted.","priority":0},{"name":"Age","type":"string","format":"","description":"CreationTimestamp is [truncated 5536 chars]
    NAME                       READY   STATUS    RESTARTS   AGE
    coredns-6954c77b9b-gjdmp   1/1     Running   0          25h
    
    kind/enhancement ๐Ÿ™ help-wanted โŒจ๏ธ area/cli 
    opened by gandro 2
Releases(v0.10.0)
  • v0.10.0(Jun 22, 2022)

    The v0.10.0 release of the Hubble CLI coincides with Cilium v1.12. It adds a new --first option to query for earlier flows and events (#719, requires Cilium v1.12 and newer), further improves the default compact output by displaying security identities and refining policy verdict event output (#717, #734, #745), and deprecates the -o json option in favor of -o jsonpb (#738).

    This release also contains many quality of life improvements, such as more flexible time range filter parsing (#707), extended shell completion for various filter flags (#727, #744), support for named identity filters (#732), improvements to the command-line usage documentation (#718, #730, #731, #733), and an updated version of the Hubble logo (#726).

    Major Changes:

    • cli: Deprecate -o json, recommend -o jsonpb instead (#738, @gandro)
    • cmd/observe: Add --first to support querying for earlier flows and events (#719, @chancez)
    • printer: Display security identity in compact output (#717, @gandro)

    Minor Changes:

    • Add support for less granular time formats (#707, @rolinh)
    • cmd/observe: add flag completion for --protocol (#727, @rolinh)
    • cmd/observe: document subtypes and add completion for subtypes (#744, @rolinh)
    • cmd/observe: improve policy verdict output in compact mode (#745, @rolinh)

    Bugfixes:

    • cmd/config: ensure that the configuration directory exist (#684, @rolinh)
    • cmd/observe: match only Hubble-specific part of error in Test_getFlowsRequestWithInvalidRawFilters (#655, @tklauser)

    CI Changes:

    • .github: let dependabot ignore Cilium dependency (#675, @tklauser)

    Misc Changes:

    • build(deps): bump actions/checkout from 2.4.0 to 3 (#693, @dependabot[bot])
    • build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (#705, @dependabot[bot])
    • build(deps): bump actions/checkout from 3.0.1 to 3.0.2 (#709, @dependabot[bot])
    • build(deps): bump actions/download-artifact from 2.0.10 to 2.1.0 (#668, @dependabot[bot])
    • build(deps): bump actions/download-artifact from 2.1.0 to 3 (#688, @dependabot[bot])
    • build(deps): bump actions/setup-go from 2.1.4 to 2.1.5 (#665, @dependabot[bot])
    • build(deps): bump actions/setup-go from 2.1.5 to 2.2.0 (#680, @dependabot[bot])
    • build(deps): bump actions/setup-go from 2.2.0 to 3 (#697, @dependabot[bot])
    • build(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (#746, @dependabot[bot])
    • build(deps): bump actions/upload-artifact from 2.2.4 to 2.3.0 (#662, @dependabot[bot])
    • build(deps): bump actions/upload-artifact from 2.3.0 to 2.3.1 (#663, @dependabot[bot])
    • build(deps): bump actions/upload-artifact from 2.3.1 to 3 (#701, @dependabot[bot])
    • build(deps): bump actions/upload-artifact from 3.0.0 to 3.1.0 (#724, @dependabot[bot])
    • build(deps): bump docker/build-push-action from 2.10.0 to 3 (#728, @dependabot[bot])
    • build(deps): bump docker/build-push-action from 2.7.0 to 2.8.0 (#673, @dependabot[bot])
    • build(deps): bump docker/build-push-action from 2.8.0 to 2.9.0 (#679, @dependabot[bot])
    • build(deps): bump docker/build-push-action from 2.9.0 to 2.10.0 (#699, @dependabot[bot])
    • build(deps): bump docker/login-action from 1.10.0 to 1.12.0 (#669, @dependabot[bot])
    • build(deps): bump docker/login-action from 1.12.0 to 1.13.0 (#683, @dependabot[bot])
    • build(deps): bump docker/login-action from 1.13.0 to 1.14.1 (#704, @dependabot[bot])
    • build(deps): bump docker/login-action from 1.14.1 to 2 (#742, @dependabot[bot])
    • build(deps): bump docker/setup-buildx-action from 1.6.0 to 2 (#714, @dependabot[bot])
    • build(deps): bump github.com/cilium/cilium from 1.11.0 to 1.11.1 (#674, @dependabot[bot])
    • build(deps): bump github.com/google/go-cmp from 0.5.6 to 0.5.7 (#676, @dependabot[bot])
    • build(deps): bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#712, @dependabot[bot])
    • build(deps): bump github.com/spf13/cast from 1.4.1 to 1.5.0 (#725, @dependabot[bot])
    • build(deps): bump github.com/spf13/cobra from 1.2.1 to 1.3.0 (#664, @dependabot[bot])
    • build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 (#694, @dependabot[bot])
    • build(deps): bump github.com/spf13/viper from 1.10.0 to 1.10.1 (#667, @dependabot[bot])
    • build(deps): bump github.com/spf13/viper from 1.10.1 to 1.11.0 (#706, @dependabot[bot])
    • build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 (#729, @dependabot[bot])
    • build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#698, @dependabot[bot])
    • build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#743, @dependabot[bot])
    • build(deps): bump github/codeql-action from 1 to 2 (#711, @dependabot[bot])
    • build(deps): bump github/codeql-action from 96bc9c36c68e097cd033777efed25c248ffcf09a to 2.1.12 (#735, @dependabot[bot])
    • build(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (#685, @dependabot[bot])
    • build(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#720, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 (#666, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.43.0 to 1.44.0 (#678, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.44.0 to 1.45.0 (#702, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.0 (#710, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.46.0 to 1.46.2 (#721, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 (#736, @dependabot[bot])
    • build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 (#700, @dependabot[bot])
    • bump Go to v1.18.1, update golangci-lint to v1.45.2 (#708, @rolinh)
    • ci: bump golangci-lint to v1.45.0 (#696, @rolinh)
    • ci: use hashes for all GitHub Action modules (#722, @rolinh)
    • compact: Use "ID" for security identity prefix (#734, @michi-covalent)
    • Dockerfile: fix golang image name to v1.18.2 (#723, @kaworu)
    • docs: Document pod/service filter prefix behavior (#733, @slayer321)
    • docs: update logos and add dark logo (#726, @raphink)
    • docs: update the cli doc with cidr range source/destination ip filter (#731, @slayer321)
    • go.mod, vendor: update cilium to 1.11.0 (#658, @tklauser)
    • improve cli help text for service filtering (#730, @ILLIDOM)
    • named reserved identites support for --{,from-,to-}identity (#732, @kaworu)
    • Prepare for v0.10 development cycle (#652, @gandro)
    • Refactor usage template to determine --help flags using a registration pattern (#718, @chancez)
    • release and changelog misc improvements (#659, @kaworu)
    • Update Cobra to v1.5.0 (#747, @rolinh)
    • Update Go to 1.17.4 and alpine to 3.15 (#653, @tklauser)
    • Update Go to 1.17.5 (#660, @tklauser)
    • Update Go to 1.17.6 (#670, @tklauser)
    • Update Go to 1.17.7 (#681, @tklauser)
    • Update Go to 1.17.8 (#689, @tklauser)
    • Update Go to 1.18.2 (#715, @tklauser)
    • Update Go to 1.18.3, alpine to 3.16, golangci-lint to 1.46.2 (#737, @tklauser)
    • Update Go to v1.18 (#695, @rolinh)
    • vendor: Bump Cilium to v1.12 branch (#748, @gandro)
    • vendor: update yaml.v3 to v3.0.1 (#741, @kaworu)
    Source code(tar.gz)
    Source code(zip)
    hubble-darwin-amd64.tar.gz(7.27 MB)
    hubble-darwin-amd64.tar.gz.sha256sum(93 bytes)
    hubble-darwin-arm64.tar.gz(6.95 MB)
    hubble-darwin-arm64.tar.gz.sha256sum(93 bytes)
    hubble-linux-386.tar.gz(6.66 MB)
    hubble-linux-386.tar.gz.sha256sum(90 bytes)
    hubble-linux-amd64.tar.gz(6.96 MB)
    hubble-linux-amd64.tar.gz.sha256sum(92 bytes)
    hubble-linux-arm.tar.gz(6.55 MB)
    hubble-linux-arm.tar.gz.sha256sum(90 bytes)
    hubble-linux-arm64.tar.gz(6.32 MB)
    hubble-linux-arm64.tar.gz.sha256sum(92 bytes)
    hubble-windows-386.tar.gz(6.89 MB)
    hubble-windows-386.tar.gz.sha256sum(92 bytes)
    hubble-windows-amd64.tar.gz(7.00 MB)
    hubble-windows-amd64.tar.gz.sha256sum(94 bytes)
    hubble-windows-arm64.tar.gz(6.36 MB)
    hubble-windows-arm64.tar.gz.sha256sum(94 bytes)
  • v0.9.0(Nov 30, 2021)

    Hubble v0.9.0 coincides with Cilium v1.11. It brings many improvements to the CLI: Colored output (#551), improved readability and alternative output formats in hubble status (#629, #614), and the ability to specify custom filters via the newly introduced --allowlist and --denylist flags (#643). Other changes include automatic stop conditions for hubble record (#607), omit displaying old flows in follow mode by default (#573) and client binary support for Windows ARM64 (#618).

    Minor Changes:

    • build release binaries for Windows ARM64 (#618, @rolinh)
    • cmd/observe: add color support (#551, @rolinh)
    • cmd/observe: do not set --last to 20 by default in follow mode (#573, @rolinh)
    • cmd/record: Add stop condition flags (#607, @gandro)
    • cmd/status: add support for multiple output formats (#614, @rolinh)
    • observe: Add --allowlist / --denylist flags (#643, @michi-covalent)
    • printer: group digits by 3 for flow counters and make uptime human-readable (#629, @rolinh)
    • Update cobra to v1.2.1 and use built-in completion command (#582, @rolinh)

    Bugfixes:

    • printer: Add missing verdicts (#626, @pchaigno)
    • printer: fix dict outout newline (#615, @rolinh)

    CI Changes:

    • .github: Cancel outdated PR and push workflows (#555, @pchaigno)
    • Add CODEOWNERS (#576, @gandro)
    • ci: bump golangci-lint to v1.42.0 (#611, @tklauser)
    • CODEOWNERS: assign GH actions to github-sec team (#577, @tklauser)

    Misc Changes:

    • .github/workflows: move Go module vendoring check to build checks (#563, @tklauser)
    • .github: Rename maintainer's little helper's config file (#569, @pchaigno)
    • build(deps): bump actions/checkout from 2 to 2.3.5 (#640, @dependabot[bot])
    • build(deps): bump actions/checkout from 2.3.5 to 2.4.0 (#648, @dependabot[bot])
    • build(deps): bump actions/setup-go from 2.1.3 to 2.1.4 (#616, @dependabot[bot])
    • build(deps): bump github.com/fatih/color from 1.10.0 to 1.12.0 (#558, @dependabot[bot])
    • build(deps): bump github.com/fatih/color from 1.12.0 to 1.13.0 (#633, @dependabot[bot])
    • build(deps): bump github.com/google/go-cmp from 0.5.5 to 0.5.6 (#561, @dependabot[bot])
    • build(deps): bump github.com/spf13/cast from 1.3.1 to 1.4.0 (#600, @dependabot[bot])
    • build(deps): bump github.com/spf13/cast from 1.4.0 to 1.4.1 (#613, @dependabot[bot])
    • build(deps): bump github.com/spf13/viper from 1.8.0 to 1.8.1 (#579, @dependabot[bot])
    • build(deps): bump github.com/spf13/viper from 1.8.1 to 1.9.0 (#628, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.38.0 to 1.39.0 (#584, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.39.0 to 1.39.1 (#608, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.39.1 to 1.40.0 (#610, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0 (#634, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0 (#649, @dependabot[bot])
    • build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1 (#583, @dependabot[bot])
    • build(deps): bump skx/github-action-publish-binaries from c881a3f8ffb80b684f367660178d38ceabc065c2 to 2.0 (#632, @dependabot[bot])
    • ci: bump Go to 1.17 for golangci-lint (#625, @kaworu)
    • ci: enable checks for missing Go documentation (#581, @rolinh)
    • ci: fix the go vendoring check (#575, @kaworu)
    • cmd/observe: move flows specific code to flows*.go files (#578, @tklauser)
    • cmd/observe: remove depreacted formatting flags (json, compact, dict) (#603, @rolinh)
    • cmd/observe: rename flow-related functions, types and import aliases (#574, @tklauser)
    • CODEOWNERS: assign Go module vendoring to @cilium/vendor (#580, @tklauser)
    • docker: add note about bogus busybox's nslookup implementation (#587, @rolinh)
    • Fix broken link (#593, @sharjeelaziz)
    • git commands in the Makefile return the empty string if they fail. (#589, @zhiyanfoo)
    • github: Add "Image Release Build" workflow (#627, @gandro)
    • Log a debug message when reading from stdin (#598, @michi-covalent)
    • Makefile: Introduce GO_BUILD variable (#560, @gandro)
    • pkg/printer: disable color output in tests (#562, @tklauser)
    • Prepare for 0.9 development cycle (#545, @gandro)
    • readme: clarify that only the latest version is maintained/supported (#568, @rolinh)
    • RELEASE.md: document Homebrew formular update as optional step (#624, @tklauser)
    • RELEASE.md: fix brew command formatting (#630, @tklauser)
    • release: pin skx/github-action-publish-binaries to a specific sha (#546, @rolinh)
    • Small test cleanups (#571, @tklauser)
    • Update doc and stable.txt for v0.8.2 release (#623, @rolinh)
    • Update Go to 1.16.4 (#548, @tklauser)
    • Update Go to 1.16.5 (#564, @tklauser)
    • Update Go to 1.16.7 (#604, @tklauser)
    • Update Go to 1.17 (#612, @tklauser)
    • Update Go to 1.17.2 (#635, @tklauser)
    • update Go to v1.16.6, alpine to 3.14 (#585, @rolinh)
    • update Go to v1.17.1 (#620, @rolinh)
    • Update Go to v1.17.3, golangci-lint to v1.43.0 (#646, @rolinh)
    • Update readme, changelog and stable.txt for v0.8.1 release (#595, @rolinh)
    • Use golangci-lint for static checks (#559, @rolinh)
    • vendor: bump github.com/cilium/cilium to latest master (#556, @tklauser)
    • vendor: Bump github.com/cilium/cilium to v1.11.0-rc3 (#650, @gandro)
    • vendor: bump grpc to v1.37.1; honnef tools to v0.1.4 (#552, @rolinh)
    • vendor: bump viper to v1.8.0 and grpc to v1.38.0 (#572, @rolinh)
    • version: Drop the "v" prefix (#638, @michi-covalent)
    Source code(tar.gz)
    Source code(zip)
    hubble-darwin-amd64.tar.gz(6.79 MB)
    hubble-darwin-amd64.tar.gz.sha256sum(93 bytes)
    hubble-darwin-arm64.tar.gz(6.74 MB)
    hubble-darwin-arm64.tar.gz.sha256sum(93 bytes)
    hubble-linux-386.tar.gz(6.05 MB)
    hubble-linux-386.tar.gz.sha256sum(90 bytes)
    hubble-linux-amd64.tar.gz(6.47 MB)
    hubble-linux-amd64.tar.gz.sha256sum(92 bytes)
    hubble-linux-arm.tar.gz(5.97 MB)
    hubble-linux-arm.tar.gz.sha256sum(90 bytes)
    hubble-linux-arm64.tar.gz(5.94 MB)
    hubble-linux-arm64.tar.gz.sha256sum(92 bytes)
    hubble-windows-386.tar.gz(6.34 MB)
    hubble-windows-386.tar.gz.sha256sum(92 bytes)
    hubble-windows-amd64.tar.gz(6.57 MB)
    hubble-windows-amd64.tar.gz.sha256sum(94 bytes)
    hubble-windows-arm64.tar.gz(6.02 MB)
    hubble-windows-arm64.tar.gz.sha256sum(94 bytes)
  • v0.8.2(Sep 10, 2021)

    This patch release fixes a bug in the dict output where a newline was missing. It also removes long-deprecated --json, --compact and --dict flags (use the --output flag instead) that actually turned out to be broken at this point. A very visible addition is color support, a change that was backported from the master branch upon popular request. In addition, the Go version, which is used to create release binaries, is updated to the latest v1.16.8 and the Cilium dependency is updated to v1.10.4.

    Minor Changes:

    • Backport color output to v0.8 branch (#609, @michi-covalent)

    Bugfixes:

    • v0.8: printer: fix dict outout newline (#617, @rolinh)

    Misc Changes:

    • [v0.8] go.mod, vendor: bump cilium to v1.10.4 (#619, @tklauser)
    • v0.8: cmd/observe: remove depreacted formatting flags (json, compact, dict) (#606, @rolinh)
    • v0.8: Update Go to 1.16.7 (#605, @tklauser)
    • v0.8: update Go to v1.16.8, Alpine base image to 3.14.2 (#621, @rolinh)
    Source code(tar.gz)
    Source code(zip)
    hubble-darwin-amd64.tar.gz(4.39 MB)
    hubble-darwin-amd64.tar.gz.sha256sum(93 bytes)
    hubble-darwin-arm64.tar.gz(4.27 MB)
    hubble-darwin-arm64.tar.gz.sha256sum(93 bytes)
    hubble-linux-386.tar.gz(3.93 MB)
    hubble-linux-386.tar.gz.sha256sum(90 bytes)
    hubble-linux-amd64.tar.gz(4.22 MB)
    hubble-linux-amd64.tar.gz.sha256sum(92 bytes)
    hubble-linux-arm.tar.gz(3.85 MB)
    hubble-linux-arm.tar.gz.sha256sum(90 bytes)
    hubble-linux-arm64.tar.gz(3.81 MB)
    hubble-linux-arm64.tar.gz.sha256sum(92 bytes)
    hubble-windows-386.tar.gz(4.12 MB)
    hubble-windows-386.tar.gz.sha256sum(92 bytes)
    hubble-windows-amd64.tar.gz(4.30 MB)
    hubble-windows-amd64.tar.gz.sha256sum(94 bytes)
  • v0.8.1(Jul 19, 2021)

    [v0.8.1] - 2021-07-19

    This patch release updates gRPC and Cilium dependencies to v1.37.1 and v1.10.3 respectively. The Go version, which is used to create release binaries, is also updated to the latest v1.16.6. A minor, mostly cosmetic, bug is also fixed which allows building Hubble without any warning being displayed when the .git directory is not present.

    Misc Changes:

    • v0.8: bump cilium to v1.10.2, Go to v1.16.6 (#586, @rolinh)
    • v0.8: release: pin skx/github-action-publish-binaries to a specific sha (#547, @rolinh)
    • v0.8: update cilium to v1.10.3, backport git version fix (#591, @rolinh)
    • v0.8: Update Go to 1.16.4 (#549, @tklauser)
    • v0.8: Update Go to 1.16.5 (#565, @tklauser)
    • v0.8: vendor: bump github.com/cilium/cilium to v1.10.0 (#557, @tklauser)
    • v0.8: vendor: bump grpc to v1.37.1; honnef tools to v0.1.4 (#553, @rolinh)
    Source code(tar.gz)
    Source code(zip)
    hubble-darwin-amd64.tar.gz(4.38 MB)
    hubble-darwin-amd64.tar.gz.sha256sum(93 bytes)
    hubble-darwin-arm64.tar.gz(4.27 MB)
    hubble-darwin-arm64.tar.gz.sha256sum(93 bytes)
    hubble-linux-386.tar.gz(3.93 MB)
    hubble-linux-386.tar.gz.sha256sum(90 bytes)
    hubble-linux-amd64.tar.gz(4.21 MB)
    hubble-linux-amd64.tar.gz.sha256sum(92 bytes)
    hubble-linux-arm.tar.gz(3.85 MB)
    hubble-linux-arm.tar.gz.sha256sum(90 bytes)
    hubble-linux-arm64.tar.gz(3.80 MB)
    hubble-linux-arm64.tar.gz.sha256sum(92 bytes)
    hubble-windows-386.tar.gz(4.10 MB)
    hubble-windows-386.tar.gz.sha256sum(92 bytes)
    hubble-windows-amd64.tar.gz(4.28 MB)
    hubble-windows-amd64.tar.gz.sha256sum(94 bytes)
  • v0.8.0(May 3, 2021)

    [v0.8.0] - 2021-05-03

    This release coincides with Cilium 1.10 and has support for new API additions added in Cilium. Some of the new API features include support for agent and debug events (#537), as well as prelimary support for the experimental Hubble Recorder API (#530). Both of these features are currenlty only available via the local unix domain socket. Other API features include filtering by TCP flags (#461), IP version (#505) and node name (#412).

    Hubble CLI 0.8 also comes with improvements to the CLI utility, such as reading flows and filtering flows from stdin (#524), more flexible timestamp format printing (#509), support for Apple silicon (#488), as well as miscellaneous flag improvements and additions (#411, #420, #421, #443). It also contains a new hubble list subcommand which, when targeting Hubble Relay, lists all Hubble enabled nodes (#427).

    Breaking Changes

    In accordance with semver 0.x releases, this release contains a few breaking changes to the Hubble command-line interface:

    • The new default Hubble API endpoint (specified with --server) is now localhost:4245 to ease usage with Hubble Relay. To connect to the local unix domain socket, use --server unix:///var/run/cilium/hubble.sock or set the HUBBLE_SERVER environment variable (default within a Cilium container) (#535)
    • The new default output format is now always compact regardless of being in follow-mode or not. To obtain the old table output in the hubble observe command, use --output=table (#536)
    • The source of reply packets is now printed on the left side in the compact output format. Such flows are indicated with a <- arrow instead of ->. Flows with an unknown direction now use the <> arrow in the compact output (#533).
    • The hidden hubble peers watch command has been renamed to hubble watch peers (#542)

    Major Changes:

    • Add basic support for agent events (#442, @tklauser)
    • Add subcommands for agent and debug events (#537, @tklauser)
    • cmd/observe: support for filtering events based on tcp-flags (#461, @nyrahul)
    • cmd: add node list subcommand to list hubble nodes with status (#427, @rolinh)

    Minor Changes:

    • change default address to localhost:4245 (#535, @rolinh)
    • cmd/config: add shell completion support for keys for get|set|reset (#420, @rolinh)
    • cmd/observe: add a new flag to allow specifying different time formats for timestamps (#509, @rolinh)
    • cmd/observe: add all flags (#411, @rolinh)
    • cmd/observe: Add node name filter (#412, @twpayne)
    • cmd/observe: add shell completion support for various flags (#421, @rolinh)
    • cmd/observe: add support for IP version filters (#505, @rolinh)
    • cmd/observe: mark deprecated output flags as deprecated (#506, @rolinh)
    • cmd/observer: add support for agent event sub-type filters (#465, @tklauser)
    • cmd: Add record subcommand (#530, @gandro)
    • cmd: improve command usage message by grouping related flags (#443, @rolinh)
    • compact: Always print original source on the left (#533, @michi-covalent)
    • make: build release binaries for darwin/arm64 (aka Apple silicon) (#488, @rolinh)
    • printer: Add support for debug events (#473, @gandro)
    • RFC: cmd/observe: set default output format to "compact" (#536, @rolinh)
    • Support reading flows from stdin (#524, @michi-covalent)

    Bugfixes:

    • cmd: fix environment variable names for options with dashes (#407, @rolinh)

    Misc Changes:

    • Agent event follow-up fixes for #442 (#454, @tklauser)
    • all: avoid using the deprecated io/ioutil package (#489, @rolinh)
    • Automate release creation and artifacts publishing (#490, @rolinh)
    • build(deps): bump actions/setup-go from v1 to v2.1.3 (#476, @dependabot[bot])
    • build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.8.1 (#525, @dependabot[bot])
    • build(deps): bump github.com/spf13/cobra from 1.1.2 to 1.1.3 (#486, @dependabot[bot])
    • build(deps): bump google.golang.org/grpc from 1.36.0 to 1.36.1 (#522, @dependabot[bot])
    • build(deps): bump google.golang.org/protobuf from 1.25.0 to 1.26.0 (#518, @dependabot[bot])
    • build: ensure that binaries are always statically built (#397, @rolinh)
    • Bump alpine base image to 3.13 (#472, @tklauser)
    • Bump github.com/cilium/cilium to pull in reworked agent/debug event API (#532, @tklauser)
    • ci: Add CodeQL analysis (#475, @twpayne)
    • ci: Add dependabot configuration (#474, @twpayne)
    • ci: do not upload artifacts (#485, @rolinh)
    • ci: fix dependabot kind/enhancement label (#477, @kaworu)
    • cmd/node: fix completion of output flag (#466, @rolinh)
    • cmd/node: Refactor & Test output methods (#496, @simar7)
    • cmd/observe: don't list agent/debug events and recorder captures in event type filter (#534, @tklauser)
    • cmd/observe: print filters in debug mode (#502, @rolinh)
    • cmd/observe: Print the entire request in debug mode (#515, @michi-covalent)
    • cmd/observe: use signal.NotifyContext to cancel context on SIGINT (#539, @rolinh)
    • cmd/peer: Refactor and test processing of response (#499, @simar7)
    • cmd: change "node list" command for "list node" (#541, @rolinh)
    • cmd: change 'peers watch' command to 'watch peers' (#542, @rolinh)
    • cmd: use config key constants instead of hardcoded strings (#471, @rolinh)
    • completion: remove the copyright header (#444, @kaworu)
    • doc: #hubble-devel on Slack is now #sig-hubble (#495, @rolinh)
    • doc: fix broken links (#406, @rolinh)
    • Dockerfile: use alpine 3.12 (#540, @aanm)
    • docs: Point to stable documentation (#414, @joestringer)
    • Ensure build with Cilium master (#463, @gandro)
    • Fix brokenlink on README.md (#500, @kaitoii11)
    • make: set missing IMAGE_TAG variable (#432, @rolinh)
    • Makefile: Add support for DOCKER_FLAGS environment variable (#456, @jrajahalme)
    • Move version into VERSION file (#434, @glibsm)
    • readme: bump versions in releases table (#400, @rolinh)
    • readme: update releases table, mark Hubble Relay as stable (#404, @rolinh)
    • release: fix release binary usage instruction (#396, @rolinh)
    • Revert "ci: fix dependabot kind/enhancement label" (#493, @kaworu)
    • set version to 0.8.0-dev (#393, @rolinh)
    • stable.txt: Bump to v0.7.0 (#405, @gandro)
    • Switch protobuf module to google.golang.org/protobuf (#452, @tklauser)
    • update CHANGELOG for releases v0.6.1 and v0.7.0 (#398, @rolinh)
    • Update Go to 1.15.4 (#416, @rolinh)
    • Update Go to 1.15.5 (#423, @tklauser)
    • Update Go to 1.15.6 (#446, @tklauser)
    • Update Go to 1.15.7 (#467, @tklauser)
    • Update Go to 1.15.8 (#478, @tklauser)
    • Update Go to 1.16.1 (#507, @tklauser)
    • Update Go to 1.16.2 (#510, @rolinh)
    • Update Go to 1.16.3 (#526, @tklauser)
    • update Go to v1.16.0 (#487, @rolinh)
    • update readme and stable.txt for v0.7.1 (#410, @rolinh)
    • update release instructions (#399, @rolinh)
    • Update RELEASE.md with -dev change (#520, @rolinh)
    • vendor: bump Cilium and grpc (#538, @rolinh)
    • vendor: bump github.com/cilium/cilium (#482, @rolinh)
    • vendor: bump github.com/cilium/cilium (#528, @rolinh)
    • vendor: bump github.com/google/go-cmp from 0.5.4 to 0.5.5 (#504, @rolinh)
    • vendor: bump google.golang.org to v1.33.2 (#437, @tklauser)
    • vendor: bump google.golang.org/grpc to v1.34.0 (#457, @tklauser)
    • vendor: bump google.golang.org/grpc to v1.35.0 (#464, @tklauser)
    • vendor: bump google.golang.org/grpc to v1.36.0 (#498, @rolinh)
    • vendor: Bump gopkg.in/yaml.v2 to v2.4.0 (#441, @twpayne)
    • vendor: bump honnef.co/go/tools from v0.1.1 to v0.1.2 (#494, @rolinh)
    • vendor: bump honnef.co/go/tools from v0.1.2 to v0.1.3 (#513, @rolinh)
    • vendor: bump honnef.co/go/tools to v0.1.1 (#484, @rolinh)
    Source code(tar.gz)
    Source code(zip)
    hubble-darwin-amd64.tar.gz(4.38 MB)
    hubble-darwin-amd64.tar.gz.sha256sum(93 bytes)
    hubble-darwin-arm64.tar.gz(4.26 MB)
    hubble-darwin-arm64.tar.gz.sha256sum(93 bytes)
    hubble-linux-386.tar.gz(3.92 MB)
    hubble-linux-386.tar.gz.sha256sum(90 bytes)
    hubble-linux-amd64.tar.gz(4.20 MB)
    hubble-linux-amd64.tar.gz.sha256sum(92 bytes)
    hubble-linux-arm.tar.gz(3.84 MB)
    hubble-linux-arm.tar.gz.sha256sum(90 bytes)
    hubble-linux-arm64.tar.gz(3.80 MB)
    hubble-linux-arm64.tar.gz.sha256sum(92 bytes)
    hubble-windows-386.tar.gz(4.10 MB)
    hubble-windows-386.tar.gz.sha256sum(92 bytes)
    hubble-windows-amd64.tar.gz(4.27 MB)
    hubble-windows-amd64.tar.gz.sha256sum(94 bytes)
  • v0.7.0(Oct 19, 2020)

    Minor Changes:

    • Add config subcommand (#380, @Rolinh)
    • Add reflect command (#378, @michi-covalent)
    • cmd/observe: Add HTTP method and path filters (#371, @twpayne)
    • cmd/peer: print tls.ServerName when available (#374, @Rolinh)
    • cmd/status: Add flows per second to hubble status (#330, @gandro)
    • cmd/status: print node availability information when available (#328, @Rolinh)
    • cmd/status: report current/max flows on the same line (#346, @Rolinh)
    • cmd: add support for fish and powershell completion (#316, @Rolinh)
    • cmd: add support for TLS and mTLS (#372, @Rolinh)
    • cmd: honor user configuration directory for the configuration file (#375, @Rolinh)
    • cmd: remove globals, optimize grpc client conn creation, remove pprof (#369, @Rolinh)
    • Dockerfile: Remove ENTRYPOINT (#355, @michi-covalent)
    • printer: ommit node name from output (#358, @mdnix)
    • Update Go to v1.15, drop support for darwin/386, add support for linux/[arm,arm64] (#343, @Rolinh)

    Bugfixes:

    • cmd/status: do not report flows ratio when max flows is zero (#345, @Rolinh)
    • make: fix git hash variable assignments for old make versions (#290, @Rolinh)

    Misc Changes:

    • .gitattributes: hide go.sum and vendor/modules.txt in pull requests (#317, @Rolinh)
    • actions: add go-mod check (#382, @Rolinh)
    • Add staticcheck to make check (#344, @tklauser)
    • Clarify wording in README (#341, @christarazi)
    • cmd/config: only write provided key/value when using set subcommand (#385, @Rolinh)
    • cmd: fix help message for the -config flag (#377, @Rolinh)
    • cmd: update observe and status command description/formatting (#390, @Rolinh)
    • defaults: avoid stutter in exported names (#383, @tklauser)
    • docs: Add link to Cilium Development Guide (#376, @twpayne)
    • Fixes SC2038 in check-fmt.sh (#360, @nebril)
    • make: fix release build directory ownership (#321, @kAworu)
    • make: vendor in ineffassign, staticcheck, and golint (#357, @kAworu)
    • observe: Document default flow count output (#318, @joestringer)
    • printer: avoid duplicate import (#342, @tklauser)
    • printer: use fmt.Fprintln instead of fmt.Fprintf (#347, @tklauser)
    • README: fix broken link to metrics documentation (#327, @Rolinh)
    • Readme: remove old beta warning and make a components table (#322, @glibsm)
    • README: Update links (#351, @pchaigno)
    • Remove version from release artifact file names (#293, @michi-covalent)
    • tutorials: Fix README.md (#340, @jrajahalme)
    • Update Cilium dep and fix unit tests that subsequently broke (#335, @Rolinh)
    • Update Go to 1.15.3 (#386, @tklauser)
    • update Go version to v1.14.7 (#336, @Rolinh)
    • update Go version to v1.15.2 (#365, @Rolinh)
    • v0.7: vendor: bump cilium to v1.9.0-rc2 to track cilium v1.9 branch (#394, @Rolinh)
    • vendor: bump cilium to master right before branching v1.9 (#392, @Rolinh)
    • vendor: bump cobra to v1.1.1 (#391, @twpayne)
    • vendor: bump dependencies (#389, @Rolinh)
    • vendor: go mod tidy && go mod vendor && go mod verify (#381, @Rolinh)
    • vendor: update [email protected], [email protected] (#373, @Rolinh)

    Other Changes:

    • Add little helper actions (#326, @glibsm)
    • Add RELEASE.md with release checklist (#281, @glibsm)
    • Add stable.txt (#299, @michi-covalent)
    • add v0.6.0 release notes to changelog and bump version to 0.7.0-dev (#275, @Rolinh)
    • Build release artifacts inside a container (#295, @michi-covalent)
    • docs: Re-add images linked in README (#309, @gandro)
    • Fix v0.6 branch link in README (#306, @gandro)
    • Generate release binaries (#285, @Rolinh)
    • Prepare for Cilium 1.8 (#305, @gandro)
    • printer: Add jsonpb output (#302, @michi-covalent)
    • Remove contrib/scripts/release.sh (#297, @michi-covalent)
    • Require Cilium 1.7.x (#283, @tgraf)
    • Update Go to v1.14.6 (#320, @Rolinh)
    • update Go version to v1.14.4 and alpine base image to v3.12 (#278, @Rolinh)
    • update Go version to v1.14.5 (#319, @Rolinh)
    • vendor: [email protected] (#313, @glibsm)
    Source code(tar.gz)
    Source code(zip)
    hubble-darwin-amd64.tar.gz(4.35 MB)
    hubble-darwin-amd64.tar.gz.sha256sum(93 bytes)
    hubble-linux-386.tar.gz(3.87 MB)
    hubble-linux-386.tar.gz.sha256sum(90 bytes)
    hubble-linux-amd64.tar.gz(4.15 MB)
    hubble-linux-amd64.tar.gz.sha256sum(92 bytes)
    hubble-linux-arm.tar.gz(3.79 MB)
    hubble-linux-arm.tar.gz.sha256sum(90 bytes)
    hubble-linux-arm64.tar.gz(3.75 MB)
    hubble-linux-arm64.tar.gz.sha256sum(92 bytes)
    hubble-windows-386.tar.gz(3.98 MB)
    hubble-windows-386.tar.gz.sha256sum(92 bytes)
    hubble-windows-amd64.tar.gz(4.16 MB)
    hubble-windows-amd64.tar.gz.sha256sum(94 bytes)
  • v0.5.2(Jul 28, 2020)

    Summary of Changes

    Misc Changes:

    • Update Go version to v1.14.4 and alpine base image to v3.12 (#279, @Rolinh)
    • Update Go version to v1.14.5 (#319, @Rolinh, backport PR #323)
    • Update Go version to v1.14.6 (#320, @Rolinh, backport PR #323)
    • backport/v0.5: update Go version, pull in a fix (#274, @Rolinh)
    • helm: Pin Hubble v0.5.1 in v0.5 branch (#249, @gandro)
    • printer: Fall back on ethernet MAC addresses (#262, @Rolinh)
    • Ratelimit cilium identity fetch (#270, @glibsm)
    • v0.5: Pin Hubble and Cilium branches (#301, @gandro)
    Source code(tar.gz)
    Source code(zip)
  • v0.6.0(May 29, 2020)

    Bugfixes:

    • api: fix potential panic in endpoint's EqualsByID (#199, @Rolinh)

    Misc Changes:

    • cmd: add hidden 'peer' command (#248, @Rolinh)
    • update Go version to v1.14.2 (#226, @Rolinh)
    • update Go version to v1.14.3 (#258, @Rolinh)

    Other Changes:

    • actions: Trigger on release branches (#233, @michi-covalent)
    • Add changelog (#203, @glibsm)
    • add peer gRPC service (#212, @Rolinh)
    • Add support for policy verdict events (#200, @gandro)
    • adjust dockerfile and makefile for "serve" command removal (#263, @Rolinh)
    • Adjust to moved PolicyMatchType location (#222, @tgraf)
    • api: Small fixes to the protoc invocations in Makefile (#206, @gandro)
    • Bring back HUBBLE_DEFAULT_SOCKET_PATH env var (#239, @gandro)
    • cmd/observe: use flags.DurationVar instead of StringVar for timeout flag (#210, @Rolinh)
    • cmd/serve: refactor, introduce Server struct and options (#208, @Rolinh)
    • cmd: Export RootCmd (#237, @glibsm)
    • cmd: Finish config move (#254, @glibsm)
    • cmd: Make all sub-commands more prominent (#255, @glibsm)
    • cmd: Make pprof optional (#269, @gandro)
    • cmd: Move completion and profile code from root (#246, @glibsm)
    • defaults: Introduce new defaults for embedded Hubble (#224, @gandro)
    • doc: Add a Quickstart section to the documentation (#243, @michi-covalent)
    • doc: Update DNS visibility policy (#259, @michi-covalent)
    • docker: ensure the hubble binary is statically built (#272, @Rolinh)
    • fix: add skipped quote in hubble-all-minikube.yaml (#225, @geakstr)
    • helm: Update hubble cli options (#245, @michi-covalent)
    • l7: Add "Error" verdict (#211, @michi-covalent)
    • make: optimize binary size by omitting symbol table and debug info (#268, @Rolinh)
    • observe: Disable port-translation by default (#236, @michi-covalent)
    • observe: Remove --port-translation (#271, @michi-covalent)
    • observe: Show all the event types by default (#241, @michi-covalent)
    • OnBuildFilter (#209, @tgraf)
    • printer: Add support for NodeStatusEvent (#260, @gandro)
    • printer: Fall back on ethernet MAC addresses (#261, @gandro)
    • printer: Use policy verdict match type formatter from Cilium (#205, @gandro)
    • Rebase vendored github.com/cilium (#232, @tgraf)
    • Remove all server-side code (#220, @tgraf)
    • Remove logger package (#221, @tgraf)
    • server: Introduce per-request context (#216, @gandro)
    • server: Match time range before filters (#213, @tgraf)
    • Set version to 0.6.0-dev (#202, @glibsm)
    • vendor: Bump github.com/cilium/cilium (#223, @gandro)
    • vendor: pick up latest cilium (#247, @Rolinh)
    • vendor: update cilium and sync replace directives (#207, @Rolinh)
    Source code(tar.gz)
    Source code(zip)
Owner
Cilium
eBPF-based Networking, Security, and Observability
Cilium
network-node-manager is a kubernetes controller that controls the network configuration of a node to resolve network issues of kubernetes.

Network Node Manager network-node-manager is a kubernetes controller that controls the network configuration of a node to resolve network issues of ku

kakao 97 Jun 12, 2022
๐Ÿ”ฅ ๐Ÿ”ฅ Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. ๐Ÿ”ฅ ๐Ÿ”ฅ

CVE-2021-44228 Log4J Vulnerability can be detected at runtime and attack paths can be visualized by ThreatMapper. Live demo of Log4J Vulnerability her

null 1.7k Jun 22, 2022
Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.

Open Service Mesh (OSM) Open Service Mesh (OSM) is a lightweight, extensible, Cloud Native service mesh that allows users to uniformly manage, secure,

Open Service Mesh 2.4k Jun 24, 2022
K8s-network-config-operator - Kubernetes network config operator to push network config to switches

Kubernetes Network operator Will add more to the readme later :D Operations The

Daniel Hertzberg 6 May 16, 2022
Kepler (Kubernetes-based Efficient Power Level Exporter) uses eBPF to probe energy related system stats and exports as Prometheus metrics

kepler Kepler (Kubernetes Efficient Power Level Exporter) uses eBPF to probe energy related system stats and exports as Prometheus metrics Architectur

Sustainable Computing 78 Jun 22, 2022
Secure Distributed Thanos Deployment using an Observability Cluster

Atlas Status: BETA - I don't expect breaking changes, but still possible. Atlas, forced by Zeus to support the heavens and the skies on his shoulders.

Atlas 39 Jun 11, 2022
ip-masq-agent-v2 aims to solve more specific networking cases, allow for more configuration options, and improve observability compared to the original.

ip-masq-agent-v2 Based on the original ip-masq-agent, v2 aims to solve more specific networking cases, allow for more configuration options, and impro

Microsoft Azure 3 Jun 1, 2022
Measure the overheads of various observability tools, especially profilers.

strong: WIP - NOT READY TO LOOK AT go-observability-bench Terminology Workload: A Go function performing a small task (< 100ms) like parsing a big blo

Felix Geisendรถrfer 14 Apr 23, 2022
A K8s ClusterIP HTTP monitoring library based on eBPF

Owlk8s Seamless RED monitoring of k8s ClusterIP HTTP services. This library provides RED (rate,error,duration) monitoring for all(by default but exclu

null 17 Jun 16, 2022
This manager helps handle the life cycle of your eBPF programs

eBPF Manager This repository implements a manager on top of Cilium's eBPF library. This declarative manager simplifies attaching and detaching eBPF pr

Datadog, Inc. 22 Jun 20, 2022
Metrics collector and ebpf-based profiler for C, C++, Golang, and Rust

Apache SkyWalking Rover SkyWalking Rover: Metrics collector and ebpf-based profiler for C, C++, Golang, and Rust. Documentation Official documentation

The Apache Software Foundation 42 Jun 29, 2022
Provide task runtime implementation with pidfd and eBPF sched_process_exit tracepoint to manage deamonless container with low overhead.

embedshim The embedshim is the kind of task runtime implementation, which can be used as plugin in containerd. With current shim design, it is used to

Fu Wei 87 Jun 1, 2022
Kubernetes Pod Security Standards implementation

Pod Security Admission The Pod Security Standards are a set of best-practice profiles for running pods securely. This repository contains the codified

Kubernetes 61 Jun 22, 2022
Cheiron is a Kubernetes Operator made with OperatorSDK for reconciling service account and attaching imagePullSecrets to service accounts automatically

anny-co/cheiron NOTE: Cheiron is currently in very early stages of development and and far from anything usable. Feel free to contribute if you want t

anny 2 Sep 13, 2021
The OCI Service Operator for Kubernetes (OSOK) makes it easy to connect and manage OCI services from a cloud native application running in a Kubernetes environment.

OCI Service Operator for Kubernetes Introduction The OCI Service Operator for Kubernetes (OSOK) makes it easy to create, manage, and connect to Oracle

Oracle 22 Jun 17, 2022
kitex running in kubernetes cluster and discover each other in kubernetes Service way

Using kitex in kubernetes Kitex [kaษชt'eks] is a high-performance and strong-extensibility Golang RPC framework. This go module helps you to build mult

adolli 1 Feb 21, 2022
cluster-api-state-metrics (CASM) is a service that listens to the Kubernetes API server and generates metrics about the state of custom resource objects related of Kubernetes Cluster API.

Overview cluster-api-state-metrics (CASM) is a service that listens to the Kubernetes API server and generates metrics about the state of custom resou

Daimler Group 56 Jun 20, 2022
Kubernetes OS Server - Kubernetes Extension API server exposing OS configuration like sysctl via Kubernetes API

KOSS is a Extension API Server which exposes OS properties and functionality using Kubernetes API, so it can be accessed using e.g. kubectl. At the moment this is highly experimental and only managing sysctl is supported. To make things actually usable, you must run KOSS binary as root on the machine you will be managing.

Mateusz Gozdek 3 May 19, 2021