Flow Visualizer

The Flow Visualizer in Calico Enterprise and Calico Cloud graphically displays your microservices environment and enables interactive exploration and troubleshooting. You may have deployed a security policy that is not behaving as expected (e.g. a label selector was typed incorrectly, or the pods intended to control are missing the label). The Flow Visualizer helps you quickly find and fix connectivity issues in your cluster.

Calico Enterprise and Calico Cloud log all connection attempts and add the Kubernetes context into those logs (namespace, pod, label, etc). Each security policy that evaluates the traffic is also logged along with whether it accepted or denied the traffic. Flow logs can be evaluated using the built-in Kibana dashboard.

The Flow Visualizer is used to visualize your cluster traffic and enable interactive exploration to identify and resolve connectivity issues.

The outer ring of the flow visualizer represents the namespaces in your cluster. The middle ring represents the pods, and the inner ring shows the connections from one pod to another. You can select any ring and zoom in to refine the view to those namespaces or services that you would like to investigate.

The thickness of the connection flow image indicates the volume of connections, and the color indicates whether the connections are being accepted or denied. When you select a specific flow (from one service to another), the visualizer shows you which policies evaluated the traffic and whether the connection was allowed or denied.

The Flow Visualizer is fully RBAC controlled, enabling you to define which users are allowed to view which namespaces.

X

📣 Read our new O'Reilly eBook on Kubernetes Security and ObservabilityLearn more >>>