Cilium · AsyncAPI Specification

Cilium Hubble Events

Version 1.0.0

The Hubble event streaming API provides real-time observability into network flows, DNS queries, HTTP requests, and service-to-service communication within Kubernetes clusters. Hubble exposes gRPC-based Observer and Peer services that clients can subscribe to for streaming network visibility data. Events include Layer 3/4 flows with IP and transport metadata, Layer 7 flows with application protocol details, DNS resolution events, and service drop/forward decisions. The Hubble Relay aggregates events from all nodes in a cluster for cluster-wide observability.

View Spec View on GitHub Cloud NativeeBPFKubernetesNetworkingSecurityAsyncAPIWebhooksEvents

Channels

/observer.Observer/GetFlows

subscribe getFlows

Stream network flow events

Streaming channel for network flow events. Clients send a GetFlowsRequest specifying filters and receive a continuous stream of Flow messages representing network connections observed by the eBPF datapath.

/observer.Observer/GetAgentEvents

subscribe getAgentEvents

Stream agent events

Streaming channel for Cilium agent state change events. Reports significant state transitions in the Cilium agent such as endpoint regeneration, policy updates, and service changes.

/observer.Observer/GetDebugEvents

subscribe getDebugEvents

Stream debug events

Streaming channel for internal Cilium debug events generated by the eBPF datapath, used for troubleshooting and development.

/observer.Observer/GetNodes

subscribe getNodes

Stream node status updates

Streaming channel that provides a snapshot and updates of all Hubble nodes visible to the relay, including their connectivity status.

/observer.Observer/GetNamespaces

subscribe getNamespaces

Stream namespace updates

Streaming channel providing Kubernetes namespace information visible through network flow data observed by Hubble.

Messages

✉

Flow

Network Flow Event

A single observed network flow or connection event

✉

AgentEvent

Cilium Agent Event

A state change event from the Cilium agent

✉

DebugEvent

eBPF Debug Event

A low-level debug event from the eBPF datapath

✉

NodeStatus

Hubble Node Status

Status notification for a Hubble-enabled node

✉

NamespaceStatus

Kubernetes Namespace Status

Namespace visibility update from Hubble flow data

Servers

grpc

hubbleRelay {hostname}:4245

Hubble Relay gRPC server providing cluster-wide aggregated flow observability. The relay aggregates flows from all Hubble-enabled Cilium agents.

grpc

hubbleLocal {hostname}:4244

Per-node Hubble gRPC server embedded in the Cilium agent, providing local node flow observability.