// the find
cilium/hubble
Hubble - Network, Service & Security Observability for Kubernetes using eBPF
Hubble is the observability layer for Cilium-based Kubernetes clusters, using eBPF to capture network flows at L3/L4/L7 without any application changes. It provides a CLI, metrics exporter, multi-node relay, and a web UI for visualizing service maps and traffic flows. If you're running Cilium, this is the standard way to get network visibility.
- Zero-instrumentation visibility: because it hooks into eBPF inside Cilium, you get HTTP/DNS/Kafka protocol details and policy drop reasons without sidecars or app changes
- The allowlist/denylist flow filter system using proto3 JSON is genuinely flexible — piping hubble observe into jq for ad-hoc queries works well in practice
- Hubble Relay enables multi-node flow aggregation over gRPC, so you get cluster-wide visibility from a single endpoint rather than querying each node separately
- Active maintenance with a clear release table, CODEOWNERS, and CI workflows — this is a production-grade project, not a side experiment
- Hard Cilium dependency: if you're not running Cilium as your CNI, this is a non-starter — there's no abstraction layer or adapter for other CNIs
- The Hubble UI is still marked Beta and it shows — the service map doesn't scale well to large clusters with hundreds of services, and filtering options in the UI lag behind the CLI
- Flow data is in-memory with a configurable ring buffer; there's no built-in long-term storage or query interface — you have to ship flows to an external system (Loki, etc.) yourself if you want history beyond the buffer
- The vendor directory is massive (Azure SDK, antlr4, full Cilium API client) which suggests dependency creep; the primary language is listed as Makefile because the actual Go code lives mostly in the cilium/cilium monorepo, making this repo feel like a thin CLI wrapper with a huge vendored footprint