hubble: hubble status reports Max Flows 0/0 and Unavailable Nodes

Trying to enable hubble ui in a cluster where cilium was installed with helm:

cilium hubble enable --ui --create-ca --relay-version v1.10.3

(The --relay-version is a workaround for https://github.com/cilium/cilium-cli/issues/456)

After port-forward, hubble status reports Max Flows 0/0 and all Nodes Unavailable even though running cilium status in each cilium pod shows Max Flows 4095/4095.

No known workaround.

Is this another case of cilium-cli being incompatible with a helm-installed Cilium? We wouldn’t have to blaze that trail if cilium-cli were able to install Cilium chained to eks-vpc-cni.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 3
  • Comments: 40 (11 by maintainers)

Most upvoted comments

Okay got it, we’re gonna use the cronjob to generate the cert and it should work flawlessly 😄 @jalberto the fix should be in production this week I guess 😃

+2
Sh4d1 on Aug 31, 2021

@samstride thank you for the clarification, I guess the issue can arise when Cilium was installed through a version of the cilium-cli that does not create the cilium-cli-helm-values secret (<v1.11.0), and then running cilium hubble enable with a later version requiring the secret (>=v1.11.0). So it’s a slightly different path than installing through Helm first, but ultimately leading to the same issue. I would expect this PR to fix the case you described as well.

Please avoid commenting in this closed issue that was about another problem (Helm vs cilium-cli Hubble CA incompatibility). This would only add confusion to readers looking for an answer to either of theses issues. Instead, either open an new issue here or comment on this bug report. Thank you!

+1
kaworu on Aug 30, 2022

@samstride it seems to me that you’re experiencing a different issue, unrelated to Hubble CA secrets. If correct, please open a new one and specify how Cilium was initially installed.

+1
kaworu on Aug 17, 2022

@kaworu

I am still experience a few issues with the latest version of the cli v0.12.1:

# k3s v1.24.3

cilium version

cilium-cli: v0.12.1 compiled with go1.18.5 on linux/amd64
cilium image (default): v1.12.0
cilium image (stable): v1.12.0
cilium image (running): v1.12.0

cilium hubble enable

Error: Unable to enable Hubble: unable to retrieve helm values secret kube-system/cilium-cli-helm-values: secrets "cilium-cli-helm-values" not found
+1
samstride on Aug 14, 2022

@jalberto

Why isn’t there an option to install Hubble using helm?

The official docs have this documentation to enable hubble in cilium using helm.

helm upgrade cilium cilium/cilium --version 1.11.3 \
   --namespace kube-system \
   --reuse-values \
   --set hubble.relay.enabled=true \
   --set hubble.ui.enabled=true
+1
samstride on Apr 5, 2022

@samstride correct, I am guessing the upgrade regenerate the CAs and certificates in “the Helm way”.

+1
kaworu on Apr 5, 2022
Read more comments on GitHub
← hubble: --namespace is incompatible with --pod
hubble-ui: Hubble UI doesn't work, fresh Cilium 1.12.1 install, "Data stream has failed on the UI backend: EOF" →