I've been diving deeper into Kubernetes networking and network policies lately, and I'm curious about how others monitor and troubleshoot these aspects. Do you rely on Kubernetes-specific tools to get insight into your network setup, or do you use more general network analysis tools? I've had some trouble with network policies that ended up blocking traffic for certain apps, and it wasn't immediately clear which policy caused the issue. While learning on k3s, I found that I could check the NFLOG actions from iptables to identify dropped packets. Are there tools that can provide a visual representation of my Kubernetes network setup, such as a UI to view logs or a map that shows how traffic flows through the network without having to sift through multiple YAML files for each policy?
1 Answer
If you're using Cilium as your CNI, Hubble is a great tool to consider. It has a UI that shows you which connections are being blocked or allowed. However, it doesn't specify which policy is responsible for the action. I've found it really helpful, even though it’s not perfect. It's definitely made troubleshooting policies easier for me!

I just started looking into Cilium and Hubble too! It seems like a solid choice, especially compared to the default lightweight flannel and kube-router in k3s. I think moving to Cilium might help with more advanced networking features for larger projects. Thanks for the tip!
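For the "which policy caused the issue" problem raised in the question, here is an added example (not part of the thread, and not Hubble's or Cilium's code) that evaluates NetworkPolicy objects against a destination and source pod and names the policies that isolate the destination and the ones that admit the source. The policy names, the `shop` namespace and the labels are constructed. As a simplification, it covers only same-namespace `podSelector` peers and ignores ports, `ipBlock` and `namespaceSelector`.

```python
# Constructed sample (not from the thread), shaped like `kubectl get networkpolicy -o json` items.
POLICIES = [
    {"metadata": {"name": "default-deny", "namespace": "shop"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    {"metadata": {"name": "api-from-web", "namespace": "shop"},
     "spec": {"podSelector": {"matchLabels": {"app": "api"}},
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}]}]}},
    {"metadata": {"name": "db-from-api", "namespace": "shop"},
     "spec": {"podSelector": {"matchLabels": {"app": "db"}},
              "ingress": [{"from": [{"podSelector": {"matchExpressions": [
                  {"key": "app", "operator": "In", "values": ["api"]}]}}]}]}},
]

def matches(selector, labels):
    """Evaluate a label selector; an empty selector matches every pod."""
    for key, value in (selector.get("matchLabels") or {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions") or []:
        key, values = expr["key"], expr.get("values") or []
        ok = {"In": labels.get(key) in values,
              "NotIn": labels.get(key) not in values,
              "Exists": key in labels,
              "DoesNotExist": key not in labels}[expr["operator"]]
        if not ok:
            return False
    return True

def explain_ingress(policies, namespace, dst_labels, src_labels):
    """Return (allowed, selecting, allowing) for same-namespace pod-to-pod ingress."""
    selecting, allowing = [], []
    for policy in policies:
        name, spec = policy["metadata"]["name"], policy["spec"]
        if policy["metadata"]["namespace"] != namespace:
            continue
        # Ingress is always in policyTypes when the field is omitted.
        if "Ingress" not in (spec.get("policyTypes") or ["Ingress"]):
            continue
        if not matches(spec.get("podSelector") or {}, dst_labels):
            continue
        selecting.append(name)  # this policy isolates the destination pod
        for rule in spec.get("ingress") or []:
            peers = rule.get("from")
            # No "from" admits every source; otherwise any one peer must match.
            if not peers or any(set(p) == {"podSelector"} and
                                matches(p["podSelector"], src_labels) for p in peers):
                allowing.append(name)
                break
    # A pod that no policy selects is not isolated, so ingress is allowed.
    return (not selecting or bool(allowing)), selecting, allowing
```

When `allowed` is false, the `selecting` list is the short set of policies whose YAML is worth reading, since only those can be isolating the pod.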