Merge pull request #123 from projectsyn/feat/hubble-metrics

Enable some hubble metrics by default

class/defaults.yml

@@ -33,6 +33,13 @@ parameters:
       endpointRoutes:
         enabled: true
       hubble:
+        metrics:
+          enabled:
+            - 'httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity'
+            - 'dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity'
+            - 'drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity'
+          serviceMonitor:
+            enabled: true
         relay:
           enabled: true
         tls:

tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml

@@ -113,6 +113,10 @@ spec:
               hostPort: 9964
               name: envoy-metrics
               protocol: TCP
+            - containerPort: 9965
+              hostPort: 9965
+              name: hubble-metrics
+              protocol: TCP
           readinessProbe:
             failureThreshold: 3
             httpGet:

tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml

@@ -35,6 +35,7 @@ data:
   enable-health-check-nodeport: 'true'
   enable-health-checking: 'true'
   enable-hubble: 'true'
+  enable-hubble-open-metrics: 'false'
   enable-ipv4: 'true'
   enable-ipv4-big-tcp: 'false'
   enable-ipv4-masquerade: 'true'
@@ -59,6 +60,10 @@ data:
   hubble-export-file-max-backups: '5'
   hubble-export-file-max-size-mb: '10'
   hubble-listen-address: :4244
+  hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+    dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+    drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+  hubble-metrics-server: :9965
   hubble-socket-path: /var/run/cilium/hubble.sock
   identity-allocation-mode: crd
   identity-gc-interval: 15m0s

tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations: null
+  labels:
+    app.kubernetes.io/name: hubble
+    app.kubernetes.io/part-of: cilium
+    k8s-app: hubble
+  name: hubble-metrics
+  namespace: cilium
+spec:
+  clusterIP: None
+  ports:
+    - name: hubble-metrics
+      port: 9965
+      protocol: TCP
+      targetPort: hubble-metrics
+  selector:
+    k8s-app: cilium
+  type: ClusterIP

tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml

@@ -0,0 +1,24 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/part-of: cilium
+  name: hubble
+  namespace: cilium
+spec:
+  endpoints:
+    - honorLabels: true
+      interval: 10s
+      path: /metrics
+      port: hubble-metrics
+      relabelings:
+        - replacement: ${1}
+          sourceLabels:
+            - __meta_kubernetes_pod_node_name
+          targetLabel: node
+  namespaceSelector:
+    matchNames:
+      - cilium
+  selector:
+    matchLabels:
+      k8s-app: hubble

tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml

@@ -113,6 +113,10 @@ spec:
               hostPort: 9964
               name: envoy-metrics
               protocol: TCP
+            - containerPort: 9965
+              hostPort: 9965
+              name: hubble-metrics
+              protocol: TCP
           readinessProbe:
             failureThreshold: 3
             httpGet:

tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml

@@ -34,6 +34,7 @@ data:
   enable-health-check-nodeport: 'true'
   enable-health-checking: 'true'
   enable-hubble: 'true'
+  enable-hubble-open-metrics: 'false'
   enable-ipv4: 'true'
   enable-ipv4-big-tcp: 'false'
   enable-ipv4-masquerade: 'true'
@@ -58,6 +59,10 @@ data:
   hubble-export-file-max-backups: '5'
   hubble-export-file-max-size-mb: '10'
   hubble-listen-address: :4244
+  hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+    dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+    drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+  hubble-metrics-server: :9965
   hubble-socket-path: /var/run/cilium/hubble.sock
   identity-allocation-mode: crd
   identity-gc-interval: 15m0s

tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations: null
+  labels:
+    app.kubernetes.io/name: hubble
+    app.kubernetes.io/part-of: cilium
+    k8s-app: hubble
+  name: hubble-metrics
+  namespace: cilium
+spec:
+  clusterIP: None
+  ports:
+    - name: hubble-metrics
+      port: 9965
+      protocol: TCP
+      targetPort: hubble-metrics
+  selector:
+    k8s-app: cilium
+  type: ClusterIP

tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml

@@ -0,0 +1,24 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/part-of: cilium
+  name: hubble
+  namespace: cilium
+spec:
+  endpoints:
+    - honorLabels: true
+      interval: 10s
+      path: /metrics
+      port: hubble-metrics
+      relabelings:
+        - replacement: ${1}
+          sourceLabels:
+            - __meta_kubernetes_pod_node_name
+          targetLabel: node
+  namespaceSelector:
+    matchNames:
+      - cilium
+  selector:
+    matchLabels:
+      k8s-app: hubble

tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml

@@ -113,6 +113,10 @@ spec:
               hostPort: 9964
               name: envoy-metrics
               protocol: TCP
+            - containerPort: 9965
+              hostPort: 9965
+              name: hubble-metrics
+              protocol: TCP
           readinessProbe:
             failureThreshold: 3
             httpGet:

tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml

@@ -34,6 +34,7 @@ data:
   enable-health-check-nodeport: 'true'
   enable-health-checking: 'true'
   enable-hubble: 'true'
+  enable-hubble-open-metrics: 'false'
   enable-ipv4: 'true'
   enable-ipv4-big-tcp: 'false'
   enable-ipv4-egress-gateway: 'true'
@@ -59,6 +60,10 @@ data:
   hubble-export-file-max-backups: '5'
   hubble-export-file-max-size-mb: '10'
   hubble-listen-address: :4244
+  hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+    dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+    drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+  hubble-metrics-server: :9965
   hubble-socket-path: /var/run/cilium/hubble.sock
   identity-allocation-mode: crd
   identity-gc-interval: 15m0s

tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations: null
+  labels:
+    app.kubernetes.io/name: hubble
+    app.kubernetes.io/part-of: cilium
+    k8s-app: hubble
+  name: hubble-metrics
+  namespace: cilium
+spec:
+  clusterIP: None
+  ports:
+    - name: hubble-metrics
+      port: 9965
+      protocol: TCP
+      targetPort: hubble-metrics
+  selector:
+    k8s-app: cilium
+  type: ClusterIP

tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml

@@ -0,0 +1,24 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/part-of: cilium
+  name: hubble
+  namespace: cilium
+spec:
+  endpoints:
+    - honorLabels: true
+      interval: 10s
+      path: /metrics
+      port: hubble-metrics
+      relabelings:
+        - replacement: ${1}
+          sourceLabels:
+            - __meta_kubernetes_pod_node_name
+          targetLabel: node
+  namespaceSelector:
+    matchNames:
+      - cilium
+  selector:
+    matchLabels:
+      k8s-app: hubble

tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml

@@ -113,6 +113,10 @@ spec:
               hostPort: 9964
               name: envoy-metrics
               protocol: TCP
+            - containerPort: 9965
+              hostPort: 9965
+              name: hubble-metrics
+              protocol: TCP
           readinessProbe:
             failureThreshold: 3
             httpGet:

tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml

@@ -34,6 +34,7 @@ data:
   enable-health-check-nodeport: 'true'
   enable-health-checking: 'true'
   enable-hubble: 'true'
+  enable-hubble-open-metrics: 'false'
   enable-ipv4: 'true'
   enable-ipv4-big-tcp: 'false'
   enable-ipv4-masquerade: 'true'
@@ -58,6 +59,10 @@ data:
   hubble-export-file-max-backups: '5'
   hubble-export-file-max-size-mb: '10'
   hubble-listen-address: :4244
+  hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+    dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+    drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+  hubble-metrics-server: :9965
   hubble-socket-path: /var/run/cilium/hubble.sock
   identity-allocation-mode: crd
   identity-gc-interval: 15m0s

tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations: null
+  labels:
+    app.kubernetes.io/name: hubble
+    app.kubernetes.io/part-of: cilium
+    k8s-app: hubble
+  name: hubble-metrics
+  namespace: cilium
+spec:
+  clusterIP: None
+  ports:
+    - name: hubble-metrics
+      port: 9965
+      protocol: TCP
+      targetPort: hubble-metrics
+  selector:
+    k8s-app: cilium
+  type: ClusterIP

tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml

@@ -0,0 +1,24 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/part-of: cilium
+  name: hubble
+  namespace: cilium
+spec:
+  endpoints:
+    - honorLabels: true
+      interval: 10s
+      path: /metrics
+      port: hubble-metrics
+      relabelings:
+        - replacement: ${1}
+          sourceLabels:
+            - __meta_kubernetes_pod_node_name
+          targetLabel: node
+  namespaceSelector:
+    matchNames:
+      - cilium
+  selector:
+    matchLabels:
+      k8s-app: hubble

tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml

@@ -113,6 +113,10 @@ spec:
               hostPort: 9964
               name: envoy-metrics
               protocol: TCP
+            - containerPort: 9965
+              hostPort: 9965
+              name: hubble-metrics
+              protocol: TCP
           readinessProbe:
             failureThreshold: 3
             httpGet:

tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml

@@ -34,6 +34,7 @@ data:
   enable-health-check-nodeport: 'true'
   enable-health-checking: 'true'
   enable-hubble: 'true'
+  enable-hubble-open-metrics: 'false'
   enable-ipv4: 'true'
   enable-ipv4-big-tcp: 'false'
   enable-ipv4-masquerade: 'true'
@@ -58,6 +59,10 @@ data:
   hubble-export-file-max-backups: '5'
   hubble-export-file-max-size-mb: '10'
   hubble-listen-address: :4244
+  hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+    dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+    drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity
+  hubble-metrics-server: :9965
   hubble-socket-path: /var/run/cilium/hubble.sock
   identity-allocation-mode: crd
   identity-gc-interval: 15m0s

tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations: null
+  labels:
+    app.kubernetes.io/name: hubble
+    app.kubernetes.io/part-of: cilium
+    k8s-app: hubble
+  name: hubble-metrics
+  namespace: cilium
+spec:
+  clusterIP: None
+  ports:
+    - name: hubble-metrics
+      port: 9965
+      protocol: TCP
+      targetPort: hubble-metrics
+  selector:
+    k8s-app: cilium
+  type: ClusterIP

tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml

@@ -0,0 +1,24 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/part-of: cilium
+  name: hubble
+  namespace: cilium
+spec:
+  endpoints:
+    - honorLabels: true
+      interval: 10s
+      path: /metrics
+      port: hubble-metrics
+      relabelings:
+        - replacement: ${1}
+          sourceLabels:
+            - __meta_kubernetes_pod_node_name
+          targetLabel: node
+  namespaceSelector:
+    matchNames:
+      - cilium
+  selector:
+    matchLabels:
+      k8s-app: hubble