Container Service for Kubernetes (ACK) Terway Hubble is a network architecture, workload, and topology observability platform. You can deploy ACK Terway Hubble in a managed Kubernetes cluster and then view network traffic and network policies in ACK Terway Hubble. This topic describes how to use the network observability of ACK Terway Hubble to view statistics about network traffic in a container network, such as the sources and destinations of packets.
Prerequisites
Note ACK Terway Hubble supports only the One ENI for Multi-Pod mode of Terway. This mode
is based on IPvlan. Therefore, when you create the managed Kubernetes cluster, you
must specify Terway as Network Plug-in and IPvlan as Terway Mode. Otherwise, you cannot use ACK Terway Hubble.
Step 1: Modify the Terway ConfigMap eni-config
Modify the Terway ConfigMap eni-config in the console
- Log on to the ACK console.
- In the left-side navigation pane of the ACK console, click Clusters.
- On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
- Modify the Terway ConfigMap eni-config.
- Restart the Terway pods for the modified ConfigMap to take effect.
Modify the Terway ConfigMap eni-config by using the CLI
- Connect to an ACK cluster by using kubectl.
- Modify the Terway ConfigMap eni-config.
- Restart the Terway pods for the modified ConfigMap to take effect.
Step 2: Install ACK Terway Hubble
Step 3: Get started with ACK Tereway Hubble
If you have set the
hosts
parameter for the Ingress of ACK Terway Hubble, you can log on to Hubble UI by accessing
the Ingress host over port 80. When you access the Ingress host, the following information
appears:
Note If the domain that you access is not an authoritative domain, such as ingress.local,
you must run the
kubectl -n kube-system get svc nginx-ingress-lb
command to query the IP address of Hubble UI. Then, modify the hosts file on your
computer to map ingress.local to the IP address of Hubble UI.
- In the upper portion of the page, you can view the topologies of pods and Services that belong to different namespaces.
- In the lower portion of the page, you can view the sources, destinations, ports, and forwarding states of network traffic.
- If you have configured network policies, you can view packets that are dropped because of network policy mismatching.

ACK Terway Hubble uses the hubble-metrics Service in the kube-system namespace to
expose network flow metrics. You can specify the metrics that ACK Terway Hubble exposes
by setting the
cilium_hubble_metrics
parameter in the Terway ConfigMap eni-config. You can use Prometheus Service and
Application Real-Time Monitoring Service (ARMS) Prometheus to collect these metrics.
For more information, see Use Prometheus to monitor a Kubernetes cluster and Enable ARMS Prometheus.
Note For more information about the metrics that ACK Terway Hubble can expose, see hubble-exported-metrics.
Metric | Name | Label | Description |
---|---|---|---|
drop | hubble_drop_total | reason, protocol | Number of dropped packets. |
tcp | hubble_tcp_flags_total | flag, family | TCP flag occurrences. |
flow | hubble_flows_processed_total | type, subtype, verdict | Total number of network flows processed. |
port-distribution | hubble_port_distribution_total | protocol, port | Numbers of packets distributed by destination port. |
icmp | hubble_icmp_total | family, type | Number of ICMP messages |