k8s-cilium
Cilium and Hubble network observability for Kubernetes. Use when managing network policies, observing traffic flows, or troubleshooting connectivity with eBPF-based networking.
Best use case
k8s-cilium is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using k8s-cilium should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/k8s-cilium/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How k8s-cilium Compares
| Feature / Agent | k8s-cilium | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Cilium and Hubble network observability for Kubernetes. Use when managing network policies, observing traffic flows, or troubleshooting connectivity with eBPF-based networking.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Cilium & Hubble Network Observability
Manage eBPF-based networking using kubectl-mcp-server's Cilium tools (8 tools).
## When to Apply
Use this skill when:
- User mentions: "Cilium", "Hubble", "eBPF", "network policy", "flow"
- Operations: network policy management, traffic observation, L7 filtering
- Keywords: "network security", "traffic flow", "dropped packets", "connectivity"
## Priority Rules
| Priority | Rule | Impact | Tools |
|----------|------|--------|-------|
| 1 | Detect Cilium installation first | CRITICAL | `cilium_detect_tool` |
| 2 | Check agent status for health | HIGH | `cilium_status_tool` |
| 3 | Use Hubble for flow debugging | HIGH | `hubble_flows_query_tool` |
| 4 | Start with default deny | MEDIUM | CiliumNetworkPolicy |
## Quick Reference
| Task | Tool | Example |
|------|------|---------|
| Detect Cilium | `cilium_detect_tool` | `cilium_detect_tool()` |
| Agent status | `cilium_status_tool` | `cilium_status_tool()` |
| List policies | `cilium_policies_list_tool` | `cilium_policies_list_tool(namespace)` |
| Query flows | `hubble_flows_query_tool` | `hubble_flows_query_tool(namespace)` |
## Check Installation
```python
cilium_detect_tool()
```
## Cilium Status
```python
cilium_status_tool()
```
## Network Policies
### List Policies
```python
cilium_policies_list_tool(namespace="default")
```
### Get Policy Details
```python
cilium_policy_get_tool(name="allow-web", namespace="default")
```
### Create Cilium Network Policy
```python
kubectl_apply(manifest="""
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-web
  namespace: default
spec:
  endpointSelector:
    matchLabels:
      app: web
  ingress:
  - fromEndpoints:
    - matchLabels:
        app: frontend
    toPorts:
    - ports:
      - port: "80"
        protocol: TCP
  egress:
  - toEndpoints:
    - matchLabels:
        app: database
    toPorts:
    - ports:
      - port: "5432"
        protocol: TCP
""")
```
## Endpoints
```python
cilium_endpoints_list_tool(namespace="default")
```
## Identities
```python
cilium_identities_list_tool()
```
## Nodes
```python
cilium_nodes_list_tool()
```
## Hubble Flow Observability
```python
# Flows for one pod over the last 5 minutes
hubble_flows_query_tool(
    namespace="default",
    pod="my-pod",
    last="5m"
)
# Dropped flows only
hubble_flows_query_tool(
    namespace="default",
    verdict="DROPPED"
)
# L7 flows only
hubble_flows_query_tool(
    namespace="default",
    type="l7"
)
```
## Create L7 Policy
```python
kubectl_apply(manifest="""
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: api-policy
  namespace: default
spec:
  endpointSelector:
    matchLabels:
      app: api
  ingress:
  - fromEndpoints:
    - matchLabels:
        app: frontend
    toPorts:
    - ports:
      - port: "8080"
        protocol: TCP
      rules:
        http:
        - method: GET
          path: "/api/v1/.*"
        - method: POST
          path: "/api/v1/users"
""")
```
## Cluster Mesh
```python
kubectl_apply(manifest="""
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: allow-cross-cluster
spec:
  endpointSelector:
    matchLabels:
      app: shared-service
  ingress:
  - fromEntities:
    - cluster
    - remote-node
""")
```
## Troubleshooting Workflows
### Pod Can't Reach Service
```python
cilium_status_tool()
cilium_endpoints_list_tool(namespace)
cilium_policies_list_tool(namespace)
hubble_flows_query_tool(namespace, pod, verdict="DROPPED")
```
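One way to triage the dropped flows returned by the last step, as an added example that is not part of the skill or of kubectl-mcp-server. It assumes flow records in the JSON-lines shape of `hubble observe -o json`, runs on constructed sample records, and compares each drop with the allow rules of the `allow-web` policy above; `ALLOWED`, `SAMPLE_FLOWS`, `app_label` and `triage` are names made up for the example.

```python
import json
from collections import Counter

# Allow rules from the allow-web policy: (source app, destination app, TCP port)
ALLOWED = {("frontend", "web", 80), ("web", "database", 5432)}

# Constructed sample records, trimmed to the fields used (shape assumed from `hubble observe -o json`)
SAMPLE_FLOWS = """\
{"flow":{"verdict":"FORWARDED","source":{"labels":["k8s:app=frontend"]},"destination":{"labels":["k8s:app=web"]},"l4":{"TCP":{"destination_port":80}}}}
{"flow":{"verdict":"DROPPED","source":{"labels":["k8s:app=front-end"]},"destination":{"labels":["k8s:app=web"]},"l4":{"TCP":{"destination_port":80}}}}
{"flow":{"verdict":"DROPPED","source":{"labels":["k8s:app=front-end"]},"destination":{"labels":["k8s:app=web"]},"l4":{"TCP":{"destination_port":80}}}}
{"flow":{"verdict":"DROPPED","source":{"labels":["k8s:app=web"]},"destination":{"labels":["k8s:app=cache"]},"l4":{"TCP":{"destination_port":6379}}}}
{"flow":{"verdict":"DROPPED","source":{"labels":["k8s:app=web"]},"destination":{"labels":["k8s:app=database"]},"l4":{"TCP":{"destination_port":5432}}}}
"""

def app_label(endpoint):
    """Return the value of the endpoint's app label, or None if it has none."""
    for label in endpoint.get("labels", []):
        key, _, value = label.partition("=")
        if key in ("k8s:app", "app"):
            return value
    return None

def triage(lines):
    """Count DROPPED flows per (source app, destination app, port, finding)."""
    findings = Counter()
    for line in lines.splitlines():
        if not line.strip():
            continue
        flow = json.loads(line).get("flow", {})
        if flow.get("verdict") != "DROPPED":
            continue
        src = app_label(flow.get("source", {}))
        dst = app_label(flow.get("destination", {}))
        port = flow.get("l4", {}).get("TCP", {}).get("destination_port")
        if (src, dst, port) in ALLOWED:
            finding = "allowed-but-dropped"  # rule exists: check other policies and enforcement
        elif any(d == dst and p == port for _, d, p in ALLOWED):
            finding = "source-not-allowed"   # right target, wrong source: label typo or missing rule
        else:
            finding = "no-allow-rule"        # expected once a default-deny baseline is in place
        findings[(src, dst, port, finding)] += 1
    return findings

if __name__ == "__main__":
    for key, count in triage(SAMPLE_FLOWS).items():
        print(count, *key)
```

In the sample, the `front-end` source label differs from the `frontend` selector in `allow-web`, which is the kind of mismatch the "Use labels consistently" practice is meant to prevent.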
### Policy Not Working
```python
cilium_policy_get_tool(name, namespace)
cilium_endpoints_list_tool(namespace)
hubble_flows_query_tool(namespace)
```
### Network Performance Issues
```python
cilium_status_tool()
cilium_nodes_list_tool()
hubble_flows_query_tool(namespace, type="l7")
```
## Best Practices
1. **Start with default deny**: Create baseline deny-all policy
2. **Use labels consistently**: Policies rely on label selectors
3. **Monitor with Hubble**: Observe flows before/after policy changes
4. **Test in staging**: Verify policies don't break connectivity
## Prerequisites
- **Cilium**: Required for all Cilium tools
```bash
cilium install
```
## Related Skills
- [k8s-networking](../k8s-networking/SKILL.md) - Standard K8s networking
- [k8s-security](../k8s-security/SKILL.md) - Security policies
- [k8s-service-mesh](../k8s-service-mesh/SKILL.md) - Istio service mesh