DigitalOcean Kubernetes (DOKS) is a managed Kubernetes service. Deploy Kubernetes clusters with a fully managed control plane, high availability, autoscaling, and native integration with DigitalOcean Load Balancers and volumes. DOKS clusters are compatible with standard Kubernetes toolchains and the DigitalOcean API and CLI.
DigitalOcean Kubernetes provides Cilium Hubble which you can use to get network observability for your DOKS clusters. Using Hubble, you can determine service dependencies, set up operational monitoring and alerts, monitor applications, and observe cluster security such as services accessing the cluster from outside and blocked connections.
By default, Hubble is enabled on all DOKS clusters. Because Hubble metrics can be resource intensive, we currently do not enable it by default.
We run two deployments, hubble-relay and hubble-ui, in a configuration that minimizes the resources the cluster uses. To see the deployments, run kubectl get deploy -n kube-system. The output looks similar to the following:
NAME READY UP-TO-DATE AVAILABLE AGE
cilium-operator 1/1 1 1 50m
coredns 2/2 2 2 47m
hubble-relay 1/1 1 1 48m
hubble-ui 1/1 1 1 48m
For the configuration details of the deployments, run kubectl get cm -n kube-system | egrep 'hubble|cilium'. The output looks similar to the following:
cilium-config 106 48m
hubble-relay-config 1 48m
hubble-ui-nginx 1 48m
To see a specific configuration file, for example hubble-ui-nginx, run:
kubectl get configmap -n kube-system hubble-ui-nginx -o yaml
To use the Hubble command-line tool and UI:
Install the Cilium CLI. For example, to install on MacOS, use the following commands:
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "arm64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}
shasum -a 256 -c cilium-darwin-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-darwin-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-darwin-${CLI_ARCH}.tar.gz{,.sha256sum}
The commands check the SHA256 value, download the Cilium binary from GitHub for the amd64 architecture, and install the Cilium binary in the /usr/local/bin folder.
Install the Hubble CLI. For example, to install on MacOS, use the following commands:
HUBBLE_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/hubble/master/stable.txt)
HUBBLE_ARCH=amd64
if [ "$(uname -m)" = "arm64" ]; then HUBBLE_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/hubble/releases/download/$HUBBLE_VERSION/hubble-darwin-${HUBBLE_ARCH}.tar.gz{,.sha256sum}
shasum -a 256 -c hubble-darwin-${HUBBLE_ARCH}.tar.gz.sha256sum
sudo tar xzvfC hubble-darwin-${HUBBLE_ARCH}.tar.gz /usr/local/bin
rm hubble-darwin-${HUBBLE_ARCH}.tar.gz{,.sha256sum}
The commands check the SHA256 value, download the Hubble client from GitHub for the amd64 architecture, and install Hubble in the /usr/local/bin folder.
Authenticate and connect to your DOKS cluster using kubeconfig.
To use Hubble at the command line:
Open a shell and run cilium hubble port-forward.
Since the command only port-forwards Hubble to your local terminal, you will not see any output for this command.
Open a second shell and run hubble observe.
For more information on these commands and their options, see the Hubble documentation.
To use the Hubble UI, open a shell and run the following command:
cilium hubble ui
This command automatically port-forwards to the Hubble UI on your cluster and opens your default browser with the Hubble UI. For more information, see the Hubble UI documentation.
If you don’t want to run the deployments for Hubble Relay and Hubble UI, you can scale them down to zero replicas. For example, run kubectl scale deploy hubble-ui --replicas=0 to disable the Hubble UI.