diff --git a/defaults/main.yml b/defaults/main.yml
index a3ade31..dc06019 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -13,6 +13,7 @@ kubernetes_version: '1.25'
 kubernetes_version_rhel_package: '1.25.1'
 kubernetes_cilium_version: '1.14.5'
 kubernetes_cilium_datapath: 'native'
+kubernetes_cilium_hubble_client: false
 kubernetes_cilium_values: ""
 
 kubernetes_role: control_plane
diff --git a/tasks/control-plane-setup.yml b/tasks/control-plane-setup.yml
index 36386cb..8fcf3d1 100644
--- a/tasks/control-plane-setup.yml
+++ b/tasks/control-plane-setup.yml
@@ -22,10 +22,10 @@
     --config {{ kubernetes_kubeadm_kubelet_config_file_path }}
     {{ kubernetes_kubeadm_init_extra_opts }}
   register: kubeadmin_init
-  when: >
-    (not kubernetes_init_stat.stat.exists) and
-    (kubernetes_ignore_preflight_errors is not defined) and
-    (not (replace_kube_proxy))
+  when:
+    - not kubernetes_init_stat.stat.exists
+    - kubernetes_ignore_preflight_errors is not defined
+    - not replace_kube_proxy
 
 - name: Initialize Kubernetes control plane with kubeadm init and ignore_preflight_errors
   command: >
@@ -34,10 +34,10 @@
     --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
     {{ kubernetes_kubeadm_init_extra_opts }}
   register: kubeadmin_init
-  when: >
-    (not kubernetes_init_stat.stat.exists) and
-    (kubernetes_ignore_preflight_errors is defined) and
-    (not (replace_kube_proxy))
+  when:
+    - not kubernetes_init_stat.stat.exists
+    - kubernetes_ignore_preflight_errors is defined
+    - not replace_kube_proxy
 
 - name: Initialize Kubernetes control plane with kubeadm init without kube-proxy
   command: >
@@ -46,10 +46,10 @@
     --skip-phases=addon/kube-proxy
     {{ kubernetes_kubeadm_init_extra_opts }}
   register: kubeadmin_init
-  when: >
-    (not kubernetes_init_stat.stat.exists) and
-    (kubernetes_ignore_preflight_errors is not defined) and
-    (replace_kube_proxy)
+  when:
+    - not kubernetes_init_stat.stat.exists
+    - kubernetes_ignore_preflight_errors is not defined
+    - replace_kube_proxy
 
 - name: Initialize Kubernetes control plane with kubeadm init without kube-proxy and ignore_preflight_errors
   command: >
@@ -59,10 +59,10 @@
     --skip-phases=addon/kube-proxy
     {{ kubernetes_kubeadm_init_extra_opts }}
   register: kubeadmin_init
-  when: >
-    (not kubernetes_init_stat.stat.exists) and
-    (kubernetes_ignore_preflight_errors is defined) and
-    (replace_kube_proxy)
+  when:
+    - not kubernetes_init_stat.stat.exists
+    - kubernetes_ignore_preflight_errors is defined
+    - replace_kube_proxy
 
 - name: Print the init output to screen.
   debug:
diff --git a/tasks/hubble-client-setup.yml b/tasks/hubble-client-setup.yml
new file mode 100644
index 0000000..41bd634
--- /dev/null
+++ b/tasks/hubble-client-setup.yml
@@ -0,0 +1,53 @@
+---
+- name: Check if Hubble CLI has already been Installed.
+  stat:
+    path: /usr/local/bin/hubble
+  register: hubble_init_stat
+  when:
+    - kubernetes_pod_network.cni == 'cilium'
+
+- name: Install Hubble CLI
+  when:
+    - kubernetes_pod_network.cni == 'cilium'
+    - not hubble_init_stat.stat.exists
+  block:
+    - name: Get Hubble CLI version
+      shell: curl -s https://raw.githubusercontent.com/cilium/hubble/master/stable.txt
+      register: hubble_cli_version
+      changed_when: false
+
+    - name: Set CLI architecture
+      set_fact:
+        cli_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+
+
+    - name: Download Hubble CLI
+      get_url:
+        url: "https://github.com/cilium/hubble/releases/download/{{ hubble_cli_version.stdout }}/hubble-linux-{{ cli_arch }}.tar.gz"
+        dest: "/tmp/hubble-linux-{{ cli_arch }}.tar.gz"
+        mode: '0644'
+
+    - name: Download Hubble CLI checksum
+      get_url:
+        url: "https://github.com/cilium/hubble/releases/download/{{ hubble_cli_version.stdout }}/hubble-linux-{{ cli_arch }}.tar.gz.sha256sum"
+        dest: "/tmp/hubble-linux-{{ cli_arch }}.tar.gz.sha256sum"
+        mode: '0644'
+
+    - name: Verify Hubble CLI checksum
+      shell: sha256sum --check /tmp/hubble-linux-{{ cli_arch }}.tar.gz.sha256sum
+      args:
+        chdir: /tmp
+
+    - name: Extract Hubble CLI
+      unarchive:
+        src: "/tmp/hubble-linux-{{ cli_arch }}.tar.gz"
+        dest: /usr/local/bin
+        remote_src: true
+
+    - name: Remove downloaded files
+      file:
+        path: "/tmp/hubble-linux-{{ cli_arch }}.tar.gz{{ item }}"
+        state: absent
+      loop:
+        - ''
+        - '.sha256sum'
diff --git a/tasks/main.yml b/tasks/main.yml
index 245fe65..b507fc0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -37,8 +37,17 @@
 # Set up Cilium Client.
 - include_tasks: cilium-client-setup.yml
   when:
-    - kubernetes_pod_network.cni == 'cilium'
     - kubernetes_role == 'control_plane'
+    - kubernetes_pod_network.cni == 'cilium'
+
+# Set up hubble Client.
+- include_tasks: hubble-client-setup.yml
+  when:
+    - kubernetes_role == 'control_plane'
+    - kubernetes_pod_network.cni == 'cilium'
+    - kubernetes_cilium_hubble_client
+    - kubernetes_cilium_values.hubble.relay.enabled is defined
+    - kubernetes_cilium_values.hubble.relay.enabled
 
 # Set up control plane.
 - include_tasks: control-plane-setup.yml