kubespray/roles/network_plugin/cilium/templates/hubble/config.yml.j2

#jinja2: trim_blocks:False
---
# Source: cilium helm chart: cilium/templates/hubble-relay/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: hubble-relay-config
  namespace: kube-system
data:
  config.yaml: |
    cluster-name: "{{ cilium_cluster_name }}"
    peer-service: "hubble-peer.kube-system.svc.{{ dns_domain }}:443"
    listen-address: :4245
    metrics-listen-address: ":9966"
    dial-timeout:
    retry-timeout:
    sort-buffer-len-max:
    sort-buffer-drain-timeout:
    tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt
    tls-client-key-file: /var/lib/hubble-relay/tls/client.key
    tls-server-cert-file: /var/lib/hubble-relay/tls/server.crt
    tls-server-key-file: /var/lib/hubble-relay/tls/server.key
    tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt
    disable-server-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
    disable-client-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
---
# Source: cilium/templates/hubble-ui/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: hubble-ui-nginx
  namespace: kube-system
data:
  nginx.conf: |
    server {
        listen       8081;
    {% if cilium_enable_ipv6 %}
        listen       [::]:8081;
    {% endif %}
        server_name  localhost;
        root /app;
        index index.html;
        client_max_body_size 1G;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;

            # CORS
            add_header Access-Control-Allow-Methods "GET, POST, PUT, HEAD, DELETE, OPTIONS";
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Max-Age 1728000;
            add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;
            add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;
            if ($request_method = OPTIONS) {
                return 204;
            }
            # /CORS

            location /api {
                proxy_http_version 1.1;
                proxy_pass_request_headers on;
                proxy_hide_header Access-Control-Allow-Origin;
                proxy_pass http://127.0.0.1:8090;
            }

            location / {
                try_files $uri $uri/ /index.html;
            }
        }
    }