Cilium
Cilium provider enables topology discovery by analyzing network flows between services in your Kubernetes cluster using Hubble.
Authentication
This provider requires authentication.
- cilium_base_endpoint: The base endpoint of the cilium hubble relay (required: True, sensitive: False)
In workflows
This provider can’t be used as a “step” or “action” in workflows. If you want to use it, please let us know by creating an issue in the GitHub repository.
Topology
This provider pulls topology to Keep. It could be used in correlations and mapping, and as a context for alerts and incidents.
Overview
Cilium provider is in Beta and is not working with authentication yet.
The current way to pull topology data from your Kubernetes cluster is to run:
and then use localhost:4245 to pull topology data.
If you need help with connecting Cilium provider, reach out.
The Cilium provider leverages Hubble’s network flow data to automatically discover service dependencies and build a topology map of your Kubernetes applications.
Authentication Parameters
Parameter | Description | Example |
---|---|---|
cilium_base_endpoint | The base endpoint of the Cilium Hubble relay | localhost:4245 |
Outputs
The provider returns topology information including:
- Service names and their dependencies
- Namespace information
- Pod labels and cluster metadata
- Network-based relationships between services
Service Discovery Logic
The provider identifies services using the following hierarchy:
- Workload name (if available)
- Kubernetes labels (k8s:app= or k8s:app.kubernetes.io/name=)
- Pod name (stripped of deployment suffixes)
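The resolution order above, sketched as an added example (this is not Keep's own provider code). The endpoint field names are modelled on Hubble's flow JSON, the Deployment suffix pattern is an assumption, and the sample flows are constructed.

```python
import re
from collections import defaultdict

# Assumed pod-name shape for Deployments: <name>-<replicaset hash>-<5-char pod id>
DEPLOY_SUFFIX = re.compile(r"-[a-z0-9]{6,10}-[a-z0-9]{5}$")
LABEL_KEYS = ("k8s:app=", "k8s:app.kubernetes.io/name=")

def service_name(endpoint):
    """Resolve a service name: workload name, then labels, then pod name."""
    workloads = endpoint.get("workloads") or []
    if workloads and workloads[0].get("name"):
        return workloads[0]["name"]
    for key in LABEL_KEYS:
        for label in endpoint.get("labels") or []:
            if label.startswith(key) and label[len(key):]:
                return label[len(key):]
    pod = endpoint.get("pod_name")
    if pod:
        return DEPLOY_SUFFIX.sub("", pod)
    return None  # e.g. traffic from outside the cluster: no identity to map

def build_topology(flows):
    """Map each source service to the sorted list of services it talks to."""
    deps = defaultdict(set)
    for flow in flows:
        src = service_name(flow.get("source", {}))
        dst = service_name(flow.get("destination", {}))
        if src and dst and src != dst:
            deps[src].add(dst)
    return {svc: sorted(targets) for svc, targets in deps.items()}

# Constructed sample flows (not captured from a real cluster)
SAMPLE_FLOWS = [
    {"source": {"namespace": "shop", "pod_name": "frontend-7d9c6b5f4d-x2k8q",
                "workloads": [{"name": "frontend", "kind": "Deployment"}]},
     "destination": {"namespace": "shop", "pod_name": "cart-5b8f7c9d6-abcde",
                     "labels": ["k8s:app.kubernetes.io/name=cart"]}},
    {"source": {"namespace": "shop", "pod_name": "cart-5b8f7c9d6-abcde",
                "labels": ["k8s:app.kubernetes.io/name=cart"]},
     "destination": {"namespace": "shop", "pod_name": "redis-6c7d8e9f5a-qwert"}},
    {"source": {"labels": ["reserved:world"]},
     "destination": {"namespace": "shop", "pod_name": "frontend-7d9c6b5f4d-x2k8q",
                     "workloads": [{"name": "frontend", "kind": "Deployment"}]}},
]

if __name__ == "__main__":
    print(build_topology(SAMPLE_FLOWS))
```

The third flow is dropped because its source has no workload, app label, or pod name, which is the same gap the Limitations section describes for unlabelled endpoints.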
Requirements
- A running Kubernetes cluster with Cilium installed
- Hubble enabled and accessible via gRPC
- Network visibility (flow logs) enabled in Cilium
Limitations
- Only captures active network flows between pods
- Service discovery is limited to pods with proper Kubernetes labels
- Requires direct access to the Hubble relay endpoint
Google Kubernetes Engine specific
If you are using a GKE cluster, you cannot connect Keep to the Google-managed hubble-relay directly because:
- hubble-relay operates only in secure mode,
- hubble-relay requires client certificate authentication.
However, Keep does not currently support these features.
To work around this, you can add an NGINX Pod that listens on a plaintext HTTP port and proxies requests to the hubble-relay secure port using the hubble-relay certificates.
You need a GKE cluster with Dataplane v2.
Dataplane v2 observability must be enabled.
Here is an example of running a plaintext NGINX proxy:
Now you can connect Keep with the Google-managed hubble-relay by adding the Cilium provider using the hubble-relay-insecure.gke-managed-dpv2-observability:80 address.