
How To Integrate My Kubernetes Cluster With Faddom?

Written by Itamar Rotem

To let Faddom connect to a Kubernetes cluster, you provide either a kubeconfig file that grants access to the cluster API or, for EKS, AWS credentials. This lets Faddom discover the cluster and the services running on it. If you also want to see the traffic inside the cluster, you need to install host sFlow on the nodes and configure it to send sFlow traffic to Faddom. For details on host sFlow, see our Capturing network traffic using agents guide.

To perform the integration, do the following:

  1. Go to Settings




  2. Select Data Sources



  3. Click the Kubernetes icon

  4. Provide the kubeconfig file or AWS EKS credentials
    Note: the Name field must match the name of your Kubernetes cluster exactly. For example, if the cluster is named Faddom-Kubernetes, enter Faddom-Kubernetes.

When you use a kubeconfig file, it must not reference other files on the file system. For example, use the client-certificate-data field to embed the certificate data in the file instead of the client-certificate field, which points to an external file that Faddom cannot read. Treat the file as a secret: it carries credentials, and Faddom gets exactly the access those credentials have on the cluster. Once you have added the configuration file, Faddom can access the Kubernetes APIs and add information on the services running on that cluster.
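As an added example (not the article's own instructions or Faddom tooling), the following POSIX shell script checks a kubeconfig for path-based fields before you upload it and builds a self-contained one with kubectl. The kubectl flags are real; flagging tokenFile and exec credential plugins is the example's own extension, since they also depend on the machine the file came from, not a requirement stated by Faddom.

```shell
#!/bin/sh
# Added example, not part of the Faddom article or product: check that a
# kubeconfig is self-contained before uploading it, and produce one that is.
#
# Faddom needs the certificate material embedded (client-certificate-data,
# client-key-data, certificate-authority-data). The path-based fields
# (client-certificate, client-key, certificate-authority) point at files on
# the machine where the kubeconfig was generated. tokenFile and exec plugins
# are flagged for the same reason; that check is this example's own addition.

# kubeconfig_is_self_contained FILE
#   Returns 0 when no field references anything outside the file; otherwise
#   prints each offending line (with its line number) to stderr and returns 1.
kubeconfig_is_self_contained() {
  refs=$(grep -nE '^[[:space:]]*(client-certificate|client-key|certificate-authority|tokenFile|exec)[[:space:]]*:' "$1" || true)
  if [ -n "$refs" ]; then
    echo "kubeconfig $1 references external files or plugins:" >&2
    printf '%s\n' "$refs" >&2
    return 1
  fi
  return 0
}

# flatten_kubeconfig CONTEXT OUT
#   Writes a self-contained kubeconfig for one context. kubectl's --flatten
#   inlines referenced certificate files as *-data fields, --minify drops every
#   other cluster/user/context, and --raw keeps the data instead of REDACTED.
#   Point CONTEXT at a dedicated, least-privilege user or ServiceAccount: the
#   uploaded file grants Faddom exactly the access those credentials carry.
flatten_kubeconfig() {
  kubectl config view --raw --minify --flatten --context "$1" > "$2" || return 1
  chmod 600 "$2"
  kubeconfig_is_self_contained "$2"
}
```

Run `kubeconfig_is_self_contained faddom.yaml` on the file you are about to upload; a non-zero exit lists the lines that need converting, and `flatten_kubeconfig faddom-ro ./faddom.yaml` produces a file that passes the check from a context named faddom-ro (a hypothetical name).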

Traffic Collection for Cilium and OpenShift

For clusters running Cilium or OpenShift, Faddom supports dedicated methods of traffic collection.

OpenShift

The NetFlow exporter is not enabled by default in OpenShift. To enable it, configure the Cluster Network Operator (CNO) with your Faddom server, sensor, or proxy as the collector IP.

  1. Create a patch file with the following configuration:

spec:
  exportNetworkFlows:
    netFlow:
      collectors:
        - <FADDOM_IP>:<PORT>

  2. Apply the configuration:

oc patch network.operator cluster --type merge -p "$(cat <file_name>.yaml)"

  3. Verify the configuration was applied:

oc get network.operator cluster -o jsonpath="{.spec.exportNetworkFlows}"

Prerequisites:

  • OpenShift CLI (oc) installed

  • Logged in with cluster-admin privileges

  • Faddom server, sensor, or proxy reachable from the cluster nodes
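The same three steps wrapped in shell functions, as an added example that is not Faddom's or Red Hat's tooling: the collector is validated as address:port, the patch is rendered rather than hand-indented, and the jsonpath output (which oc prints as JSON for a map value) is checked for the collector after the patch returns. The address 10.0.0.5:2055 in the comments is a made-up example value.

```shell
#!/bin/sh
# Added example, not Faddom's or Red Hat's own tooling: the OpenShift NetFlow
# steps above as functions that validate input and verify the result.
# 10.0.0.5:2055 in the comments is an example value, not a real Faddom address.

# render_netflow_patch HOST:PORT
#   Prints the CNO merge patch with the collector filled in. The collector must
#   be given as address:port, so a value without a port is rejected up front.
render_netflow_patch() {
  case "$1" in
    *:[0-9]*) ;;
    *) echo "usage: render_netflow_patch HOST:PORT" >&2; return 2 ;;
  esac
  printf 'spec:\n  exportNetworkFlows:\n    netFlow:\n      collectors:\n        - %s\n' "$1"
}

# collector_configured HOST:PORT JSON
#   JSON is what `oc get network.operator cluster -o jsonpath='{.spec.exportNetworkFlows}'`
#   prints, e.g. {"netFlow":{"collectors":["10.0.0.5:2055"]}}.
#   Returns 0 if the collector appears in it (fixed-string match on the quoted value).
collector_configured() {
  printf '%s' "$2" | grep -qF "\"$1\""
}

# enable_netflow HOST:PORT
#   Applies the patch (needs oc logged in with cluster-admin) and verifies it stuck.
enable_netflow() {
  patch=$(render_netflow_patch "$1") || return 2
  oc patch network.operator cluster --type merge -p "$patch" || return 1
  actual=$(oc get network.operator cluster -o jsonpath='{.spec.exportNetworkFlows}')
  if collector_configured "$1" "$actual"; then
    echo "NetFlow export to $1 is configured"
  else
    echo "patch applied but collector $1 is not present: $actual" >&2
    return 1
  fi
}
```

`enable_netflow 10.0.0.5:2055` replaces the hand-written steps; because the merge patch replaces the whole collectors list, list every collector you want in one call if more than one is needed.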

Cilium

Faddom collects traffic from Cilium clusters via Hubble Relay using a lightweight pod deployed on the cluster.

Prerequisites:

  • Cilium CNI with Hubble Relay enabled (hubble.relay.enabled=true)

  • Faddom server, sensor, or proxy reachable from the cluster

  • Internet access from the cluster nodes to pull the faddom/hubble-agent image from Docker Hub, or a private registry for air-gapped installations

Deployment:

  1. Download the deployment files: faddom-hubble-agent.yaml, deploy-faddom-hubble-agent.sh, and optionally network-policy.yaml (for egress restriction). See the bottom of this article for the files.

  2. Run the deployment script and follow the prompts:

./deploy-faddom-hubble-agent.sh

     Or, to apply the manifest directly, first edit faddom-hubble-agent.yaml and replace SENSOR_IP_ADDRESS with the IP of your Faddom sensor, proxy, or server, then run:

kubectl apply -f faddom-hubble-agent.yaml

Configuration:

All settings are environment variables in the deployment YAML:

  • SENSOR_ADDRESS (required): IP or hostname of your Faddom sensor or proxy.

  • HUBBLE_RELAY_ADDRESS (default: hubble-relay.kube-system.svc.cluster.local): Hubble Relay service DNS name.

  • HUBBLE_RELAY_PORT (default: 80): Hubble Relay service port.

  • OBSERVATION_DOMAIN_ID (default: 0): Set a unique value per cluster when multiple clusters send to the same sensor.

  • HUBBLE_FLOW_FILTERS (default: empty): Optional JSON flow filters (see below).

  • FLOW_SAMPLE_RATE (default: 1): 1 = every flow; x = 1 in x flows. Increase on large clusters to reduce load; the lower x is, the faster Faddom reflects changes.

Updating the sensor IP:

kubectl -n faddom-discovery edit configmap faddom-hubble-agent-config
kubectl -n faddom-discovery rollout restart deployment faddom-hubble-agent

Updating other settings (triggers automatic pod restart):

kubectl -n faddom-discovery set env deployment/faddom-hubble-agent FLOW_SAMPLE_RATE=10

Flow Filters (Optional):

Filters are applied at the Hubble Relay level before flows reach the agent. DROPPED and ERROR verdicts are always excluded automatically.

# Exclude DNS traffic
HUBBLE_FLOW_FILTERS: '[{"destination_port": ["53"], "blacklist": true}]'

# Exclude kube-system namespace
HUBBLE_FLOW_FILTERS: '[{"source_pod": ["kube-system/"], "blacklist": true}]'
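Putting the per-cluster settings together, as an added example that is not one of the Faddom deployment files: a shell script that validates FLOW_SAMPLE_RATE, derives a stable OBSERVATION_DOMAIN_ID from the cluster name, combines the two filters shown above into one HUBBLE_FLOW_FILTERS value, and applies them with kubectl set env. The namespace, deployment name and variable names are the ones documented above. Two things are the example's own assumptions: that the HUBBLE_FLOW_FILTERS JSON array may carry more than one filter object, and that deriving the domain ID with cksum is an acceptable way to get a distinct, repeatable value per cluster.

```shell
#!/bin/sh
# Added example, not one of the Faddom deployment files: compose the per-cluster
# settings for the faddom-hubble-agent deployment from validated inputs.
# Assumptions: HUBBLE_FLOW_FILTERS accepts more than one filter object in its
# JSON array, and deriving OBSERVATION_DOMAIN_ID from the cluster name with
# cksum is this example's own convention, chosen so that each cluster sending
# to the same sensor gets a stable, distinct ID without a manual registry.

NS=faddom-discovery
DEPLOY=deployment/faddom-hubble-agent

# domain_id_for CLUSTER_NAME -> 32-bit unsigned integer (CRC from cksum)
domain_id_for() {
  printf '%s' "$1" | cksum | cut -d' ' -f1
}

# validate_sample_rate N -> 0 if N is a positive integer (1 = every flow, x = 1 in x)
validate_sample_rate() {
  case "$1" in
    ''|*[!0-9]*|0*) return 1 ;;
  esac
  return 0
}

# hubble_filters -> JSON array combining the two exclusions shown above:
#   DNS (destination port 53) and anything sourced from the kube-system namespace
hubble_filters() {
  printf '%s' '[{"destination_port":["53"],"blacklist":true},{"source_pod":["kube-system/"],"blacklist":true}]'
}

# hubble_env CLUSTER_NAME SAMPLE_RATE -> prints KEY=VALUE lines, one per variable
hubble_env() {
  validate_sample_rate "$2" || { echo "FLOW_SAMPLE_RATE must be a positive integer, got '$2'" >&2; return 2; }
  printf 'OBSERVATION_DOMAIN_ID=%s\n' "$(domain_id_for "$1")"
  printf 'FLOW_SAMPLE_RATE=%s\n' "$2"
  printf 'HUBBLE_FLOW_FILTERS=%s\n' "$(hubble_filters)"
}

# apply_hubble_env CLUSTER_NAME SAMPLE_RATE
#   Applies the settings with kubectl set env, which restarts the agent pod.
apply_hubble_env() {
  hubble_env "$1" "$2" > /dev/null || return $?
  kubectl -n "$NS" set env "$DEPLOY" \
    "OBSERVATION_DOMAIN_ID=$(domain_id_for "$1")" \
    "FLOW_SAMPLE_RATE=$2" \
    "HUBBLE_FLOW_FILTERS=$(hubble_filters)"
}
```

`hubble_env prod-eu 10` shows what would be applied without touching the cluster; `apply_hubble_env prod-eu 10` applies it. Because kubectl set env restarts the pod, run it once with all variables rather than once per variable.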

Changing log level at runtime (no restart required):

kubectl -n faddom-discovery edit configmap faddom-hubble-agent-logging
# Change level="INFO" to level="DEBUG"; takes effect within ~65 seconds

To uninstall:

kubectl delete namespace faddom-discovery