cilium / hubble

Hubble - Network, Service & Security Observability for Kubernetes using eBPF

No observability in sealed-secrets-controller

dcristobalhMad opened this issue · comments

Hi team 👋!

We have a rare case in EKS: we use sealed-secrets as an application to handle the secrets, and we do not see the call traces or any network flows in Hubble. On the other hand, we do see all the communications between all the applications we have in the cluster.

Installed versions:

  • Cilium 1.15.1
  • EKS v1.29
  • Sealed-secrets v0.24.4

Helm cilium values:

  set {
    name  = "cluster.id"
    value = "0"
  }

  set {
    name  = "cluster.name"
    value = "${local.cluster_name}"
  }

  set {
    name  = "encryption.nodeEncryption"
    value = "false"
  }
  set {
    name  = "hubble.enabled"
    value = true
  }

  set {
    name  = "hubble.ui.enabled"
    value = true
  }

  set {
    name  = "hubble.relay.enabled"
    value = true
  }

  set {
    name  = "hostPort.enabled"
    value = true
  }

  set {
    name  = "socketLB.enabled"
    value = true
  }

  set {
    name  = "nodePort.enabled"
    value = true
  }

  set {
    name  = "externalIPs.enabled"
    value = true
  }

  set {
    name  = "bandwithManager.enabled"
    value = true
  }

  set {
    name  = "eni.awsEnablePrefixDelegation"
    value = true
  }

  set {
    name  = "nodeinit.enabled"
    value = true
  }
  # Metrics
  set {
    name  = "hubble.metrics.enabled"
    value = "{dns:query;ignoreAAAA,drop,tcp,flow,icmp,http}"
  }

Cilium status:

KVStore:                 Ok   Disabled
Kubernetes:              Ok   1.29+ (v1.29.0-eks-c417bb3) [linux/amd64]
Kubernetes APIs:         ["EndpointSliceOrEndpoint", "cilium/v2::CiliumClusterwideNetworkPolicy", "cilium/v2::CiliumEndpoint", "cilium/v2::CiliumNetworkPolicy", "cilium/v2::CiliumNode", "cilium/v2alpha1::CiliumCIDRGroup", "core/v1::Namespace", "core/v1::Pods", "core/v1::Service", "networking.k8s.io/v1::NetworkPolicy"]
KubeProxyReplacement:    False   [eth0   10.1.2.227 fe80::10af:cbff:feaa:c1f7 (Direct Routing)]
Host firewall:           Disabled
SRv6:                    Disabled
CNI Chaining:            none
Cilium:                  Ok   1.15.1 (v1.15.1-a368c8f0)
NodeMonitor:             Listening for events on 16 CPUs with 64x4096 of shared memory
Cilium health daemon:    Ok
IPAM:                    IPv4: 3/254 allocated from 10.0.2.0/24,
IPv4 BIG TCP:            Disabled
IPv6 BIG TCP:            Disabled
BandwidthManager:        Disabled
Host Routing:            Legacy
Masquerading:            IPTables [IPv4: Enabled, IPv6: Disabled]
Controller Status:       27/27 healthy
Proxy Status:            OK, ip 10.0.2.184, 0 redirects active on ports 10000-20000, Envoy: embedded
Global Identity Range:   min 256, max 65535
Hubble:                  Ok              Current/Max Flows: 2583/4095 (63.08%), Flows/s: 2.62   Metrics: Ok
Encryption:              Disabled
Cluster health:          3/3 reachable   (2024-03-08T08:08:02Z)
Modules Health:          Stopped(0) Degraded(0) OK(11) Unknown(3)

Issue with networking, sorry for the inconvenience