# RKE2 Cilium 啟用 Hubble * 在 rke2 匯入以下 yaml ``` $ echo 'apiVersion: helm.cattle.io/v1 kind: HelmChartConfig metadata: name: rke2-cilium namespace: kube-system spec: valuesContent: |- hubble: enabled: true relay: enabled: true ui: enabled: true replicas: 1 ingress: enabled: true hosts: - hubble.example.com' | kubectl apply -f - ``` * 部屬好後會產生 ingress ``` $ kubectl -n kube-system get ing NAME CLASS HOSTS ADDRESS PORTS AGE hubble-ui nginx hubble.example.com 192.168.11.110,192.168.11.140,192.168.11.141,192.168.11.143,192.168.11.144 80 4m16s ``` * 進入 Hubble UI ![image](https://hackmd.io/_uploads/SJ-WCiUXyg.png) * 可以觀察到 pod 的流量方向 ![image](https://hackmd.io/_uploads/Bkveg3U71l.png) ## 進階設定 * 可以設定 `metrics:` 指定要收集的通訊協定指標。 * cilium 取代 kube-proxy 可以參考 https://hackmd.io/@7vxmAdNPTmmlYGSRMuvbmw/HyLtWKfbJx * 須先安裝好 rancher Monitoring 工具 ``` $ echo 'apiVersion: helm.cattle.io/v1 kind: HelmChartConfig metadata: name: rke2-cilium namespace: kube-system spec: valuesContent: |- kubeProxyReplacement: "true" k8sServiceHost: 127.0.0.1 k8sServicePort: 6443 operator: replicas: 1 hubble: enabled: true metrics: serviceAnnotations: prometheus.io/scrape: "true" prometheus.io/port: "9965" enabled: - dns:query;ignoreAAAA - drop - tcp - flow - port-distribution - icmp - http serviceMonitor: enabled: true relabelings: - sourceLabels: - __meta_kubernetes_pod_node_name targetLabel: node replacement: ${1} relay: enabled: true ui: enabled: true replicas: 1 ingress: enabled: true hosts: - hubble.example.com prometheus: enabled: true' | kubectl apply -f - ``` ``` $ kubectl -n kube-system get servicemonitor NAME AGE hubble 54m rancher-monitoring-coredns 74d rancher-monitoring-ingress-nginx 74d rancher-monitoring-kubelet 74d ``` * 透過 Rancher UI 進到 Prometheus Targets,搜尋 ServiceMonitor 名稱,可以找到目前監控有哪些物件 ![image](https://hackmd.io/_uploads/HJFBNJsXkg.png) * 進到 Graph 搜尋指標 ![image](https://hackmd.io/_uploads/rJWwN1jQyg.png) * 可以找到 hubble & cilium-operator export 的相關指標 > 搜尋 hubble_ ![image](https://hackmd.io/_uploads/Sy7cNJoXJl.png) > 搜尋 cilium_operator_ ![image](https://hackmd.io/_uploads/HkfYKRiXkx.png) ## 參考 https://docs.cilium.io/en/stable/observability/metrics/#hubble-exported-metrics https://docs.rke2.io/networking/basic_network_options