Hubble is Cilium's observability layer that gives you real-time visibility into network flows across your Kubernetes cluster. Think Wireshark for cloud-native — but with L7 protocol awareness and Kubernetes context.
Free, open source, and built into Cilium. No extra installation if you already run Cilium.
Why Use the Hubble API?
- Network flow visibility — see every packet between pods, services, and external endpoints
- L7 protocol awareness — HTTP, gRPC, DNS, and Kafka flow inspection
- Kubernetes context — flows enriched with pod names, namespaces, labels
- Network policy debugging — see which policies allow/deny traffic in real time
Quick Setup
1. Enable Hubble
cilium hubble enable --ui
cilium hubble port-forward &
2. Observe Flows via CLI
# All flows in the cluster
hubble observe
# Flows for a specific pod
hubble observe --pod default/my-app
# Only DNS flows
hubble observe --protocol DNS
# Only dropped flows (policy denials)
hubble observe --verdict DROPPED
# HTTP flows with specific method
hubble observe --http-method GET --http-path "/api/users"
3. Query Flows via gRPC API
# Using grpcurl
grpcurl -plaintext localhost:4245 observer.Observer/GetFlows
# With filters
grpcurl -plaintext -d '{"whitelist": [{"source_pod": ["default/frontend"]}]}' \
localhost:4245 observer.Observer/GetFlows
4. Get Server Status
grpcurl -plaintext localhost:4245 observer.Observer/ServerStatus
# Returns: number of flows observed, current/max flows, uptime
5. List Nodes
hubble observe --node worker-1
hubble list nodes
Python Example
import grpc
import observer_pb2
import observer_pb2_grpc
channel = grpc.insecure_channel('localhost:4245')
stub = observer_pb2_grpc.ObserverStub(channel)
# Get server status
status = stub.ServerStatus(observer_pb2.ServerStatusRequest())
print(f"Flows observed: {status.num_flows}")
print(f"Max flows: {status.max_flows}")
print(f"Uptime: {status.uptime_ns / 1e9:.0f}s")
# Stream flows
req = observer_pb2.GetFlowsRequest(number=10)
for flow_response in stub.GetFlows(req):
f = flow_response.flow
print(f"{f.source.pod_name} -> {f.destination.pod_name} | Verdict: {f.verdict}")
Key Endpoints (gRPC)
| Use Case | RPC Method | Description |
|---|---|---|
| Stream flows | Observer/GetFlows | Real-time flow stream |
| Server status | Observer/ServerStatus | Node stats and uptime |
| Get nodes | Observer/GetNodes | List Hubble nodes |
| Flow aggregation | Observer/GetAgentEvents | Agent-level events |
Flow Fields
Each flow contains:
- Source/destination pod, namespace, labels, identity
- L3: IP addresses
- L4: TCP/UDP ports, flags
- L7: HTTP method/path/status, DNS query/response, Kafka topic
- Verdict: FORWARDED, DROPPED, AUDIT
- Policy that matched
Need custom data extraction or scraping solution? I build production-grade scrapers for any website. Email: Spinov001@gmail.com | My Apify Actors
Top comments (0)