rohitg00/k8s-cilium
kubernetes-skills/claude/k8s-cilium/SKILL.md
Cilium and Hubble network observability for Kubernetes. Use when managing network policies, observing traffic flows, or troubleshooting connectivity with eBPF-based networking.
$ install --global
skillsauthnpx skillsauth add rohitg00/kubectl-mcp-server k8s-ciliumInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 11:12 AM15.8s1 file scanned
SKILL.md
- name:
- k8s-cilium
- description:
- Cilium and Hubble network observability for Kubernetes. Use when managing network policies, observing traffic flows, or troubleshooting connectivity with eBPF-based networking.
- license:
- Apache-2.0
- author:
- rohitg00
- version:
- 1.0.0
- tools:
- 8
- category:
- networking
Cilium & Hubble Network Observability
Manage eBPF-based networking using kubectl-mcp-server's Cilium tools (8 tools).
When to Apply
Use this skill when:
- User mentions: "Cilium", "Hubble", "eBPF", "network policy", "flow"
- Operations: network policy management, traffic observation, L7 filtering
- Keywords: "network security", "traffic flow", "dropped packets", "connectivity"
Priority Rules
| Priority | Rule | Impact | Tools |
|----------|------|--------|-------|
| 1 | Detect Cilium installation first | CRITICAL | cilium_detect_tool |
| 2 | Check agent status for health | HIGH | cilium_status_tool |
| 3 | Use Hubble for flow debugging | HIGH | hubble_flows_query_tool |
| 4 | Start with default deny | MEDIUM | CiliumNetworkPolicy |
Quick Reference
| Task | Tool | Example |
|------|------|---------|
| Detect Cilium | cilium_detect_tool | cilium_detect_tool() |
| Agent status | cilium_status_tool | cilium_status_tool() |
| List policies | cilium_policies_list_tool | cilium_policies_list_tool(namespace) |
| Query flows | hubble_flows_query_tool | hubble_flows_query_tool(namespace) |
Check Installation
cilium_detect_tool()
Cilium Status
cilium_status_tool()
Network Policies
List Policies
cilium_policies_list_tool(namespace="default")
Get Policy Details
cilium_policy_get_tool(name="allow-web", namespace="default")
Create Cilium Network Policy
kubectl_apply(manifest="""
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-web
namespace: default
spec:
endpointSelector:
matchLabels:
app: web
ingress:
- fromEndpoints:
- matchLabels:
app: frontend
toPorts:
- ports:
- port: "80"
protocol: TCP
egress:
- toEndpoints:
- matchLabels:
app: database
toPorts:
- ports:
- port: "5432"
protocol: TCP
""")
Endpoints
cilium_endpoints_list_tool(namespace="default")
Identities
cilium_identities_list_tool()
Nodes
cilium_nodes_list_tool()
Hubble Flow Observability
hubble_flows_query_tool(
namespace="default",
pod="my-pod",
last="5m"
)
hubble_flows_query_tool(
namespace="default",
verdict="DROPPED"
)
hubble_flows_query_tool(
namespace="default",
type="l7"
)
Create L7 Policy
kubectl_apply(manifest="""
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: api-policy
namespace: default
spec:
endpointSelector:
matchLabels:
app: api
ingress:
- fromEndpoints:
- matchLabels:
app: frontend
toPorts:
- ports:
- port: "8080"
protocol: TCP
rules:
http:
- method: GET
path: "/api/v1/.*"
- method: POST
path: "/api/v1/users"
""")
Cluster Mesh
kubectl_apply(manifest="""
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
name: allow-cross-cluster
spec:
endpointSelector:
matchLabels:
app: shared-service
ingress:
- fromEntities:
- cluster
- remote-node
""")
Troubleshooting Workflows
Pod Can't Reach Service
cilium_status_tool()
cilium_endpoints_list_tool(namespace)
cilium_policies_list_tool(namespace)
hubble_flows_query_tool(namespace, pod, verdict="DROPPED")
Policy Not Working
cilium_policy_get_tool(name, namespace)
cilium_endpoints_list_tool(namespace)
hubble_flows_query_tool(namespace)
Network Performance Issues
cilium_status_tool()
cilium_nodes_list_tool()
hubble_flows_query_tool(namespace, type="l7")
Best Practices
- Start with default deny: Create baseline deny-all policy
- Use labels consistently: Policies rely on label selectors
- Monitor with Hubble: Observe flows before/after policy changes
- Test in staging: Verify policies don't break connectivity
Prerequisites
- Cilium: Required for all Cilium tools
cilium install
Related Skills
- k8s-networking - Standard K8s networking
- k8s-security - Security policies
- k8s-service-mesh - Istio service mesh
Related Skills
rohitg00/k8s-vind
development
VerifiedTrustedCommunity
Manage vCluster (virtual Kubernetes clusters) instances using vind. Use when creating, managing, or operating lightweight virtual clusters for development, testing, or multi-tenancy.
865SKILL.mdUpdated Apr 11, 2026
rohitg00/k8s-troubleshoot
development
VerifiedTrustedCommunity
Debug Kubernetes pods, nodes, and workloads. Use when pods are failing, containers crash, nodes are unhealthy, or users mention debugging, troubleshooting, or diagnosing Kubernetes issues.
865SKILL.mdUpdated Apr 11, 2026
rohitg00/k8s-storage
devops
VerifiedTrustedCommunity
Kubernetes storage management for PVCs, storage classes, and persistent volumes. Use when provisioning storage, managing volumes, or troubleshooting storage issues.
865SKILL.mdUpdated Apr 11, 2026
rohitg00/k8s-service-mesh
testing
VerifiedTrustedCommunity
Manage Istio service mesh for traffic management, security, and observability. Use for traffic shifting, canary releases, mTLS, and service mesh troubleshooting.
865SKILL.mdUpdated Apr 11, 2026