External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-20 23:37:43 -02:30
Code Issues Packages Projects Releases Wiki Activity

[cilium] fix rbac and upgrade hubble v0.11.0 (#3) (#9959)

Browse Source 
* [cilium] fix rbac and upgrade hubble v0.11.0 (#3)

* [cilium] fix rbac for LB bgp ipam

* [cilium] Upgrade Hubble to v0.11.0 and add mTLS between Hubble UI and Hubble Relay

* fix dns domain hubble for tls

---------

Co-authored-by: Thuon Jeremy <d107869@olinfra1.infra.bdm.outscale.c1.dav.fr>

* Fix blank line

---------

Co-authored-by: Thuon Jeremy <d107869@olinfra1.infra.bdm.outscale.c1.dav.fr>
This commit is contained in:
jeremy-thuon
2023-04-10 07:07:15 +02:00
committed by GitHub
parent fcb5e77338
commit 4a03d13d08
7 changed files with 66 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
View File

@@ -138,8 +138,28 @@ spec:
env:
- name: EVENTS_SERVER_PORT
value: "8090"
{% if cilium_hubble_tls_generate -%}
- name: TLS_TO_RELAY_ENABLED
value: "true"
- name: FLOWS_API_ADDR
value: "hubble-relay:443"
- name: TLS_RELAY_SERVER_NAME
value: ui.{{ cilium_cluster_name }}.hubble-grpc.cilium.io
- name: TLS_RELAY_CA_CERT_FILES
value: /var/lib/hubble-ui/certs/hubble-server-ca.crt
- name: TLS_RELAY_CLIENT_CERT_FILE
value: /var/lib/hubble-ui/certs/client.crt
- name: TLS_RELAY_CLIENT_KEY_FILE
value: /var/lib/hubble-ui/certs/client.key
{% else -%}
- name: FLOWS_API_ADDR
value: "hubble-relay:80"
{% endif %}
volumeMounts:
- name: tls
mountPath: /var/lib/hubble-ui/certs
readOnly: true
ports:
- containerPort: 8090
name: grpc
@@ -150,5 +170,17 @@ spec:
defaultMode: 420
name: hubble-ui-nginx
name: hubble-ui-nginx-conf
- projected:
sources:
- secret:
name: hubble-relay-client-certs
items:
- key: ca.crt
path: hubble-server-ca.crt
- key: tls.crt
path: client.crt
- key: tls.key
path: client.key
name: tls
- emptyDir: {}
name: tmp-dir