Plugins 〉Hubble Process Ancestry
Hubble Process Ancestry
Hubble Process Ancestry panel plugin for Grafana
Grafana panel plugin that allows to visualize Hubble Process Ancestry directly in Grafana interface. It requires Isovalent Cilium Enterprise.
Requirements
A compatible Grafana datasource plugin is required for this plugin to work. Currently there is Hubble datasource plugin available.
Usage
On dashboard that supposed to show process ancestry add variable "Pod" that fetches pods list from datasource plugin.
Add panel plugin on dashboard by searching visualization "hubble process ancestry", selecting appropriate datasource plugin, "Process Ancestry" query type and "${Pod} = ..." value in "Pod" dropdown.
Data schema
Currently two data frame types are supported: for PROCESS_EXEC and PROCESS_CONNECT events.
PROCESS_EXEC
| field | type | sample |
|---|---|---|
| node_name | string | minikube |
| time | number | 1675087549022 |
| kind | string | PROCESS_EXEC |
| id | string | minikube/1675087549.22000000/PROCESS_EXEC/bWluaWt1YmU6MjA2NjkwMDAwMDAwOjIzMTU2 |
| process/exec_id | string | bWluaWt1YmU6MjA2NjkwMDAwMDAwOjIzMTU2 |
| process/pid | number | 23156 |
| process/uid | number | 23156 |
| process/cwd | string | / |
| process/binary | string | /minio-operator |
| process/arguments | string | |
| process/flags | string | procFS auid rootcwd |
| process/start_time | number | 1675087549022 |
| process/auid | number | 0 |
| process/docker | string | 97b5d10913ddc80e4409e715f0c73e2 |
| process/parent_exec_id | string | bWluaWt1YmU6MjA2NjMwMDAwMDAwOjIzMTMy |
| process/refcnt | number | 0 |
| process/pod/namespace | string | minio |
| process/pod/name | string | minio-operator-5f4cb79d7c-6rzr6 |
| process/pod/labels | string | k8s:app.kubernetes.io/instance=minio-operator,k8s:app.kubernetes.io/name=operator,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=minio,k8s:io.cilium.k8s.namespace.labels.name=minio,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=minio-operator,k8s:io.kubernetes.pod.namespace=minio,k8s:operator=leader |
| process/pod/container/id | string | docker://97b5d10913ddc80e4409e715f0c73e2d77a57d133a88baa6330a3d488202ec45 |
| process/pod/container/name | string | operator |
| process/pod/container/start_time | 1675087549000 | |
| process/pod/container/pid | number | 1 |
| process/pod/container/maybe_exec_probe | boolean | false |
| process/pod/container/image/id | string | docker-pullable://minio/operator@sha256:5f5f31cf46a7683dc37aeaf598baf552640c03ac6fc8f2aac169e015d077e935 |
| process/pod/container/image/name | string | minio/operator:v4.5.1 |
| parent/exec_id | string | bWluaWt1YmU6MjA2NjMwMDAwMDAwOjIzMTMy |
| parent/pid | number | 23132 |
| parent/uid | number | 23132 |
| parent/cwd | string | /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/97b5d10913ddc80e4409e715f0c73e2d77a57d133a88baa6330a3d488202ec45 |
| parent/binary | string | /usr/bin/containerd-shim |
| parent/arguments | string | -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/97b5d10913ddc80e4409e715f0c73e2d77a57d133a88baa6330a3d488202ec45 -address /var/run/docker/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc -systemd-cgroup |
| parent/flags | string | procFS auid |
| parent/start_time | number | 1675087548962 |
| parent/auid | number | 0 |
| parent/docker | string | |
| parent/parent_exec_id | string | bWluaWt1YmU6MTI0OTYwMDAwMDAwOjE3NDc1 |
| parent/refcnt | number | 0 |
PROCESS_CONNECT
| field | type | sample |
|---|---|---|
| node_name | string | minikube |
| time | number | 1674748552434 |
| kind | string | PROCESS_CONNECT |
| id | string | minikube/1674748552.434000000/PROCESS_CONNECT/bWluaWt1YmU6MTMxMzQwMDAwMDAwOjIwMzA5 |
| process/exec_id | string | bWluaWt1YmU6MTMxMzQwMDAwMDAwOjIwMzA5 |
| process/pid | number | 20309 |
| process/uid | number | 20309 |
| process/cwd | string | / |
| process/binary | string | /minio-operator |
| process/arguments | string | |
| process/flags | string | procFS auid rootcwd |
| process/start_time | 1674748552434 | |
| process/auid | number | 0 |
| process/docker | string | da15ebaf7183a00c0a5e949ad535167 |
| process/parent_exec_id | string | bWluaWt1YmU6MTMxMzIwMDAwMDAwOjIwMjky |
| process/refcnt | number | 0 |
| process/pod/namespace | string | minio |
| process/pod/name | string | minio-operator-5f4cb79d7c-6rzr6 |
| process/pod/labels | string | |
| process/pod/container/id | string | docker://da15ebaf7183a00c0a5e949ad5351671936c9a765b0d1a3ef27eed1cfa6e49fc |
| process/pod/container/name | string | operator |
| process/pod/container/start_time | string | 1674748552000 |
| process/pod/container/pid | number | 1 |
| process/pod/container/maybe_exec_probe | string | |
| ----- | ----- | ------- |
| node_name | string | minikube |
| time | number | 1674748552434 |
| kind | string | PROCESS_CONNECT |
| id | string | minikube/1674748552.434000000/PROCESS_CONNECT/bWluaWt1YmU6MTMxMzQwMDAwMDAwOjIwMzA5 |
| process/exec_id | string | bWluaWt1YmU6MTMxMzQwMDAwMDAwOjIwMzA5 |
| process/pid | number | 20309 |
| process/uid | number | 20309 |
| process/cwd | string | / |
| process/binary | string | /minio-operator |
| process/arguments | string | |
| process/flags | string | procFS auid rootcwd |
| process/start_time | 1674748552434 | |
| process/auid | number | 0 |
| process/docker | string | da15ebaf7183a00c0a5e949ad535167 |
| process/parent_exec_id | string | bWluaWt1YmU6MTMxMzIwMDAwMDAwOjIwMjky |
| process/refcnt | number | 0 |
| process/pod/namespace | string? | minio |
| process/pod/name | string? | minio-operator-5f4cb79d7c-6rzr6 |
| process/pod/labels | string? | |
| process/pod/container/id | string? | docker://da15ebaf7183a00c0a5e949ad5351671936c9a765b0d1a3ef27eed1cfa6e49fc |
| process/pod/container/name | string? | operator |
| process/pod/container/start_time | string? | 1674748552000 |
| process/pod/container/pid | number? | 1 |
| process/pod/container/maybe_exec_probe | boolean? | false |
| process/pod/container/image/id | string? | docker-pullable://minio/operator@sha256:5f5f31cf46a7683dc37aeaf598baf552640c03ac6fc8f2aac169e015d077e935 |
| process/pod/container/image/name | string? | minio/operator:v4.5.1 |
| parent/exec_id | string | bWluaWt1YmU6MTMxMzIwMDAwMDAwOjIwMjky |
| parent/pid | number | 20292 |
| parent/uid | number | 20292 |
| parent/cwd | string | /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/da15ebaf7183a00c0a5e949ad5351671936c9a765b0d1a3ef27eed1cfa6e49fc |
| parent/binary | string | /usr/bin/containerd-shim |
| parent/arguments | string | -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/da15ebaf7183a00c0a5e949ad5351671936c9a765b0d1a3ef27eed1cfa6e49fc -address /var/run/docker/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc -systemd-cgroup |
| parent/flags | string | procFS auid |
| parent/start_time | 1674748552414 | |
| parent/auid | number | 0 |
| parent/docker | string | |
| parent/parent_exec_id | string | bWluaWt1YmU6OTcyOTAwMDAwMDA6MTIyNTc= |
| parent/refcnt | number | 0 |
| source_ip | string | 10.88.0.38 |
| source_port | number | 55142 |
| destination_ip | string | 10.96.0.1 |
| destination_port | string | 443 |
| destination_names | string | |
| sock_cookie | number | 0 |
| protocol | number | 6 |
| process/pod/container/image/id | string | docker-pullable://minio/operator@sha256:5f5f31cf46a7683dc37aeaf598baf552640c03ac6fc8f2aac169e015d077e935 |
| process/pod/container/image/name | string | minio/operator:v4.5.1 |
| parent/exec_id | string | bWluaWt1YmU6MTMxMzIwMDAwMDAwOjIwMjky |
| parent/pid | number | 20292 |
| parent/uid | number | 20292 |
| parent/cwd | string | /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/da15ebaf7183a00c0a5e949ad5351671936c9a765b0d1a3ef27eed1cfa6e49fc |
| parent/binary | string | /usr/bin/containerd-shim |
| parent/arguments | string | -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/da15ebaf7183a00c0a5e949ad5351671936c9a765b0d1a3ef27eed1cfa6e49fc -address /var/run/docker/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc -systemd-cgroup |
| parent/flags | string | procFS auid |
| parent/start_time | 1674748552414 | |
| parent/auid | number | 0 |
| parent/docker | string | |
| parent/parent_exec_id | string | bWluaWt1YmU6OTcyOTAwMDAwMDA6MTIyNTc= |
| parent/refcnt | number | 0 |
| source_ip | string | 10.88.0.38 |
| source_port | number | 55142 |
| destination_ip | string | 10.96.0.1 |
| destination_port | string | 443 |
| destination_names | string | |
| sock_cookie | number | 0 |
| protocol | number | 6 |
Grafana Cloud Pro
- $25 / user / month and includes a free trial for new users
- Available with a Grafana Cloud Pro plan
- Access to 1 Enterprise plugin
- Fully managed service (not available to self-manage)
Grafana Cloud Advanced / Grafana Enterprise
- Available with a Grafana Cloud Advanced plan or Grafana Enterprise license
- Access to all Enterprise plugins
- Run fully managed or self-manage on your own infrastructure
Installing Hubble Process Ancestry on Grafana Cloud:
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
For more information, visit the docs on plugin installation.
Installing on a local Grafana:
For local instances, plugins are installed and updated via a simple CLI command. Plugins are not updated automatically, however you will be notified when updates are available right within your Grafana.
1. Install the Panel
Use the grafana-cli tool to install Hubble Process Ancestry from the commandline:
grafana-cli plugins install The plugin will be installed into your grafana plugins directory; the default is /var/lib/grafana/plugins. More information on the cli tool.
Alternatively, you can manually download the .zip file for your architecture below and unpack it into your grafana plugins directory.
Alternatively, you can manually download the .zip file and unpack it into your grafana plugins directory.
2. Add the Panel to a Dashboard
Installed panels are available immediately in the Dashboards section in your Grafana main menu, and can be added like any other core panel in Grafana.
To see a list of installed panels, click the Plugins item in the main menu. Both core panels and installed panels will appear.
Changelog
1.0.3
- Added missed dark theme icons
1.0.2
- Update Process Ancestry component (@isovalent/grafana-process-tree v0.3.0) with performance improvements and fixes
- Make Process Ancestry scrollable
- Upgrade dependencies
- Migrate from Yarn to NPM
1.0.1
- Add LICENSE and COPYRIGHT.
- Update README.md
- Update the logo
1.0.0
Initial release.
