If your cluster uses the Cilium CNI, you can collect Cilium flow logs in the Gloo telemetry pipeline. Then, you can use the meshctl hubble observe command to gain visibility into network and protocol flows, such as individual TCP connections, DNS queries, or HTTP requests.

Single cluster

  1. Get your current installation Helm values, and save them in a file.

      helm get values gloo-platform -n gloo-mesh -o yaml > gloo-single.yaml
open gloo-single.yaml

  2. In your Helm values file, enable the default logs/cilium_flows pipeline in the Gloo telemetry collector agent.

      
telemetryCollectorCustomization: 
  pipelines: 
    logs/cilium_flows: 
      enabled: true

  3. Upgrade your installation by using your updated values file.

      
helm upgrade gloo-platform gloo-platform/gloo-platform \
   --namespace gloo-mesh \
   --version $GLOO_VERSION \
   --values gloo-single.yaml

  4. Verify that your custom Cilium settings were added to the Gloo telemetry collector configmap.

      kubectl get configmap gloo-telemetry-collector-config -n gloo-mesh -o yaml

  5. Perform a rollout restart of the telemetry collector daemon set to force your configmap changes to be applied to the telemetry collector agent pod.

      kubectl rollout restart -n gloo-mesh daemonset/gloo-telemetry-collector-agent

  6. Explore and use the meshctl hubble observe command to view flow logs.

Multicluster

  1. Get your current Helm values for the workload clusters.

      helm get values gloo-platform -n gloo-mesh -o yaml --kube-context $REMOTE_CONTEXT > data-plane.yaml
open data-plane.yaml

  2. In your Helm values file, enable the default logs/cilium_flows pipeline in the Gloo telemetry collector agent.

      
telemetryCollectorCustomization: 
  pipelines: 
    logs/cilium_flows: 
      enabled: true

  3. Upgrade the workload cluster.

      
helm upgrade gloo-platform gloo-platform/gloo-platform \
  --kube-context $REMOTE_CONTEXT \
  --namespace gloo-mesh \
  -f data-plane.yaml \
  --version $GLOO_VERSION

  4. Verify that your settings are applied in the workload cluster.

    1. Verify that the tracing settings were added to the Gloo telemetry collector configmap.

        kubectl get configmap gloo-telemetry-collector-config -n gloo-mesh -o yaml --context $REMOTE_CONTEXT

    2. Perform a rollout restart of the telemetry collector daemon set to force your configmap changes to be applied to the telemetry collector agent pods.

        kubectl rollout restart -n gloo-mesh daemonset/gloo-telemetry-collector-agent --context $REMOTE_CONTEXT

  5. Explore and use the meshctl hubble observe command to view flow logs.