Download as PDF, PPTX
More Related Content
Similar to Kubernetes Network Observability with Cilium and Hubble
Kubernetes Network Observability with Cilium and Hubble
- 1. Kubernetes Network Observability with Ciliumand Hubble Speaker: Tomasz Tarczyński
- 2. • Customer ReliabilityEngineer • Helping Isovalent Enterprise customers meet their reliability requirements with Tomasz Tarczyński
- 3. ● Kubernetes Networking101 ● CNI ● Cilium and Hubble ● Observability
- 4. • IPAM: DynamicCNI • Routing: Dynamic CNI Kubernetes Networking
- 5. • IPAM: DynamicCNI • Routing: Dynamic CNI • East-West connectivity: ○ Service type: ClusterIP (kube-proxy) Kubernetes Networking
- 6. • IPAM: DynamicCNI • Routing: Dynamic CNI • East-West connectivity: ○ Service type: ClusterIP (kube-proxy) • Service discovery: Dynamic CoreDNS Kubernetes Networking
- 7. • IPAM: DynamicCNI • Routing: Dynamic CNI • East-West connectivity: ○ Service type: ClusterIP (kube-proxy) • Service discovery: Dynamic CoreDNS • North-South Connectivity: ○ Service type: LoadBalancer (kube-proxy) Kubernetes Networking
- 8. • IPAM: DynamicCNI • Routing: Dynamic CNI • East-West connectivity: ○ Service type: ClusterIP (kube-proxy) • Service discovery: Dynamic CoreDNS • North-South Connectivity: ○ Service type: LoadBalancer (kube-proxy) • Security: ○ NetworkPolicy CNI ○ Transparent Encryption CNI / Service Mesh) Kubernetes Networking
- 9. ● Kubernetes Networking101 ● CNI ● Cilium and Hubble ● Observability
- 10. ● Container NetworkInterface CNI CNI
- 11. ● Container NetworkInterface CNI ● Dynamic network configuration CNI
- 12. ● Container NetworkInterface CNI ● Dynamic network configuration ● Interface for: ○ Configuring the network ○ IP Address Management IPAM ○ Connectivity across hosts CNI
- 13. ● Container NetworkInterface CNI ● Dynamic network configuration ● Interface for: ○ Configuring the network ○ IP Address Management IPAM ○ Connectivity across hosts CNI
- 14. ● Container NetworkInterface CNI ● Dynamic network configuration ● Interface for: ○ Configuring the network ○ IP Address Management IPAM ○ Connectivity across hosts ● Routing: ○ Encapsulation ○ Native-Routing CNI
- 15. ● Container NetworkInterface CNI ● Dynamic network configuration ● Interface for: ○ Configuring the network ○ IP Address Management IPAM ○ Connectivity across hosts ● Routing: ○ Encapsulation ○ Native-Routing ● CNI plugins CNI
- 16. ● Kubernetes Networking101 ● CNI ● Cilium and Hubble ● Observability
- 17.
- 18.
- 19. Declarative Intent cilium-agent watchesK8s API objects: ● K8s Nodes ● K8s Pods ● Network Policies ● Services + Endpoints Cilium Architecture
- 20.
- 21. ● Kubernetes Networking101 ● CNI ● Cilium and Hubble ● Observability
- 22. Demo ● Golden Signalsin Grafana ● Zero Trust Visibility
- 24. flow: sourceContext=workload-name|reserved-identity; destinationContext=workload-name|reserved-identity ● flow ○ flows_processed_total– Total number of flows processed Metrics https://docs.cilium.io/en/stable/observability/metrics/#hubble
- 25. httpV2: labelsContext= source_ip,source_namespace,source_workload, destination_ip,destination_namespace,destination_workload, traffic_direction; sourceContext=workload-name|reserved-identity; destinationContext=workload-name|reserved-identity ● httpV2 ○ http_requests_total– Count of HTTP requests ○ http_request_duration_seconds – Histogram of HTTP request duration in seconds Metrics https://docs.cilium.io/en/stable/observability/metrics/#hubble
- 26. ● Kubernetes Networking101 ● CNI ● Cilium and Hubble ● Observability
- 27. Want to LearnMore? https://isovalent.com/resource-library/labs/
- 28.
- 29. ● Cilium Labs: ○https://isovalent.com/resource-library/labs/ ● Hubble Metrics Docs: ○ https://docs.cilium.io/en/stable/observability/metrics/#hubble ● Grafana Dashboards: ○ https://grafana.com/grafana/dashboards/18015-cilium-policy-verdicts/ ○ https://github.com/cilium/cilium/blob/main/install/kubernetes/cilium/files/hubbl e/dashboards/hubble-l7-http-metrics-by-workload.json Links