Cillium Logo

Hubble UI Provisioning

Laralord enhances the observability of DigitalOcean Kubernetes (DOKS) clusters by provisioning access to Hubble UI, a pre-installed tool for network observability. Hubble UI, built on Cilium and eBPF, provides a user-friendly interface for visualizing service dependencies, monitoring network traffic, and debugging interactions in Kubernetes clusters. This page details the Hubble UI deployment, its configurations, and its role in troubleshooting network issues for multi-tenant SaaS applications. For more information, refer to the official Hubble documentation.[](https://docs.cilium.io/en/stable/observability/hubble/setup/)

Hubble UI Interface
Hubble UI service map, securely accessed via Laralord’s SSO proxy

Hubble UI Overview

Hubble UI is the graphical interface for Hubble, a distributed networking and security observability platform built on Cilium and eBPF. Pre-installed on DigitalOcean Kubernetes (DOKS) clusters, Hubble UI enables real-time visualization of network flows, service dependencies, and policy enforcement at L3/L4 and L7 (e.g., HTTP, DNS). Laralord enhances Hubble UI accessibility by routing it through a secure APISIX Gateway, making it a powerful tool for debugging network interactions in multi-tenant environments.[](https://docs.digitalocean.com/products/kubernetes/how-to/use-cilium-hubble/)[](https://www.digitalocean.com/blog/cillium-hubble-on-digitalocean-kubernetes)

Hubble UI Deployment Details

Hubble UI is pre-installed in the kube-system namespace of DOKS clusters, alongside Hubble Relay, as part of the Cilium integration. Laralord configures secure access to Hubble UI via an APISIX Route. Key deployment aspects include:

  • Namespace: Deployed in the kube-system namespace, aligning with DOKS’s default Hubble setup for system-level observability.
  • APISIX Route: Configures an APISIX Route to expose Hubble UI on a custom domain, enforcing HTTP-to-HTTPS redirection for secure access and enabling Prometheus metrics for monitoring.
  • Timeout Settings: Sets connection, send, and read timeouts to 6 seconds, ensuring reliable access to the UI under varying network conditions.
  • Backend Service: Routes traffic to the hubble-ui service on port 80, leveraging DOKS’s pre-installed Hubble UI deployment.
  • Pre-Installed Components: Leverages DOKS’s default hubble-ui and hubble-relay deployments, minimizing resource overhead while providing cluster-wide flow visibility.[](https://docs.digitalocean.com/products/kubernetes/how-to/use-cilium-hubble/)

Key Features

Hubble UI, as provisioned by Laralord, offers the following features:

  • Service Dependency Map: Visualizes L3/L4 and L7 interactions (e.g., HTTP, DNS, Kafka) between services, simplifying dependency analysis.
  • Real-Time Flow Logs: Displays detailed network flow logs, including TCP connections, DNS queries, and HTTP requests, for debugging.
  • Policy Enforcement Insights: Shows connections blocked by network policies, aiding in security troubleshooting.
  • Namespace Filtering: Allows users to focus on specific namespaces, ideal for multi-tenant environments.
  • Prometheus Integration: Exposes metrics via APISIX, enabling monitoring of UI performance and network health.
  • Secure Access: Integrates with Laralord’s SSO and mTLS for authenticated, encrypted access to the UI.

Why Hubble UI?

Hubble UI is a critical tool for Kubernetes network observability, chosen by Laralord for its integration with DOKS and eBPF-powered insights. Its advantages include:

  • Debugging Efficiency: Simplifies troubleshooting of network issues (e.g., DNS failures, TCP timeouts, policy denials) with visual service maps and flow logs.[](https://cilium.io/blog/2019/11/19/announcing-hubble/)
  • Kubernetes Context: Adds pod, namespace, and policy context to network flows, unlike traditional tools like Wireshark.[](https://isovalent.com/blog/post/hubble-series-re-introducing-hubble/)
  • Pre-Installed in DOKS: Requires no additional setup in DOKS, with Laralord’s APISIX route providing secure access.[](https://www.digitalocean.com/blog/cillium-hubble-on-digitalocean-kubernetes)
  • Scalability: Handles large-scale clusters with minimal overhead, leveraging eBPF for efficient data collection.[](https://cilium.io/blog/2024/08/19/hubble-for-network-security-and-observability-part-2/)
  • User-Friendly Interface: Offers an intuitive UI for developers and operators to monitor and analyze network behavior.

Integration with Laralord

Hubble UI integrates seamlessly with Laralord’s multi-tenant SaaS platform, enhancing network observability for tenant applications. Key integrations include:

  • Tenant Debugging: Enables tenant-specific network analysis by filtering flows and dependencies within tenant namespaces.
  • APISIX Gateway: Routes Hubble UI traffic through APISIX on a custom domain, with Prometheus metrics and HTTPS enforcement.
  • Cert Manager: Applies TLS certificates to secure Hubble UI access, ensuring encrypted communication.
  • Vault Integration: Manages SSO credentials for Hubble UI access, securely distributing them to authorized users.
  • Argo CD Synergy: Complements Argo CD by providing visibility into network issues affecting deployed applications.

Secure Access with SSO

Laralord secures access to Hubble UI through a robust Single Sign-On (SSO) proxy integrated with APISIX Gateway, ensuring only authorized users can view network observability data. Key features of the secure access mechanism include:

  • SSO Authentication: Users log in via Laralord’s frontend, leveraging SSO to authenticate requests to Hubble UI.
  • mTLS Encryption: All traffic to Hubble UI is encrypted using mutual TLS (mTLS), requiring a client certificate managed by Laralord.
  • APISIX Gateway Proxy: Routes requests to Hubble UI on a custom domain (e.g., hubble-ui.your-domain), enforcing SSO, mTLS, and HTTP-to-HTTPS redirection.
  • Prometheus Metrics: Monitors UI access and performance, providing insights into usage patterns.
Laralord © 2024UI Build: 0.1.0-rc1-42-g4cde