Network Policies

Use cilium hubble and hubble_ui flag, see the end of the follwing ansible inventory:

all:
  vars:
    kosmos_domain: kosmos.wip
    external_registry: kosmos-registry.kosmos.wip
    # set to "" for no hardening
    hardening_profile: "cis"
    # endpoint used by cilium pods to reach controllers for direct routing mode
    kube_endpoint: 192.168.100.163
    # "" mean autodetect
    mtu: ""
    # will switch to airgap provisioning mode (need external registry, see external_registry.md and air-gap.sh)
    airgap: false
    # activate peer to peer embedded registry
    embedded_registry: true
    external_registry_ip: 127.0.0.1
    # set to none (vxlan as last resort)
    kube_cni_encapsulation: none
    # require alma/rocky/rhel version >= 9
    kube_cni_encryption: "false"
    # 2 for Production/HA
    cni_operator_replicas: 1
    # cilium observability
    hubble: "true"
    # cilium ui
    hubble_ui: "true"

if cluster is already up you can do a hot activation directly at cilium operator level.

--set hubble.relay.enabled=true \
--set hubble.ui.enabled=true

Donwload cilium cli

Use it with:

cilium hubble ui