The L7 traffic data of the microservices running on Kubernetes cannot be obtained

[Radiance2024]

Is there an existing issue for this?

• [x] I have searched the existing issues

What happened?

• The operation status of Cilium is normal

• Running the "Star Wars Demo" and executing the command "kubectl exec -it -n kube-system cilium-wfvbx -- hubble observe -f -t l7" shows normal output data. However, there is no data output for accessing Java microservices deployed on Kubernetes.

• L7 rules: apiVersion: "cilium.io/v2" kind: CiliumNetworkPolicy metadata: name: nginx-proxy-policy namespace: default # my namespace spec: endpointSelector: matchLabels: app: nginx # app: nginx 的 pods ingress: - fromCIDR: - "0.0.0.0/0" # Browser Access toPorts: - ports: - port: "30329" # NGINX port protocol: TCP egress: - toEndpoints: - matchLabels: app: my-gateway # Gateway Services toPorts: - ports: - port: "8080" # Gateway port protocol: TCP

• May I ask what is causing this? Thank you!

Cilium Version

Client: 1.15.4 go version go1.21.9 linux/amd64 Daemon: 1.15.4 go version go1.21.9 linux/amd64

Kernel Version

OS: CentOS Linux 8.5 (Core) Kernel Version: 4.18.0-348.el8.x86_64

Kubernetes Version

v1.24.9

Regression

No response

Sysdump

helm install cilium cilium/cilium --version 1.15.4 \ --namespace kube-system \ --set hubble.relay.enabled=true \ --set hubble.ui.enabled=true \ --set prometheus.enabled=true \ --set operator.prometheus.enabled=true \ --set hubble.enabled=true \ --set hubble.metrics.enableOpenMetrics=true \ --set global.jaeger.enabled=true \ --set l7-proxy.enabled=true \ --set gatewayAPI.enabled=true \ --set hubble.metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,httpV2:exemplars=true;labelsContext=source_ip\,source_namespace\,source_workload\,destination_ip\,destination_namespace\,destination_workload\,traffic_direction}"

Relevant log output

No response

Anything else?

No response

Cilium Users Document

• [ ] Are you a user of Cilium? Please add yourself to the Users doc

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

[ti-mo]

Is this the same issue as https://github.com/cilium/cilium/issues/32175?

What do you mean by:

However, there is no data output for accessing Java microservices deployed on Kubernetes.

[Radiance2024]

I want to capture L7 traffic for the deployed java microservice via the "hubble observe -f -t l7" command, but I don't see the traffic data when I execute the command.

How do we need to configure L7 rules to capture Java microservice traffic running in k8s universally? thanks！

[christarazi]

@Radiance2024 You will need to define L7 rules to see L7 events from Hubble: https://docs.cilium.io/en/stable/security/policy/language/#l7-policy