kubespray/roles/network_plugin/cilium/templates/hubble/config.yml.j2

#jinja2: trim_blocks:False
---
# Source: cilium helm chart: cilium/templates/hubble-relay/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: hubble-relay-config
  namespace: kube-system
data:
  config.yaml: |
    peer-service: "hubble-peer.kube-system.svc.{{ dns_domain }}:443"
    listen-address: :4245
    metrics-listen-address: ":9966"
    dial-timeout: 
    retry-timeout: 
    sort-buffer-len-max: 
    sort-buffer-drain-timeout: 
    tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt
    tls-client-key-file: /var/lib/hubble-relay/tls/client.key
    tls-server-cert-file: /var/lib/hubble-relay/tls/server.crt
    tls-server-key-file: /var/lib/hubble-relay/tls/server.key
    tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt
    disable-server-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
    disable-client-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
---
# Source: cilium/templates/hubble-ui/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: hubble-ui-nginx
  namespace: kube-system
data:
  nginx.conf: |
    server {
        listen       8081;
    {% if cilium_enable_ipv6 %}
        listen       [::]:8081;
    {% endif %}
        server_name  localhost;
        root /app;
        index index.html;
        client_max_body_size 1G;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;

            # CORS
            add_header Access-Control-Allow-Methods "GET, POST, PUT, HEAD, DELETE, OPTIONS";
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Max-Age 1728000;
            add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;
            add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;
            if ($request_method = OPTIONS) {
                return 204;
            }
            # /CORS

            location /api {
                proxy_http_version 1.1;
                proxy_pass_request_headers on;
                proxy_hide_header Access-Control-Allow-Origin;
                proxy_pass http://127.0.0.1:8090;
            }

            location / {
                try_files $uri $uri/ /index.html;
            }
        }
    }
cilium: Fix the configuration of tls for hubble (#9880) Signed-off-by: utam0k <k0ma@utam0k.jp> 2023-03-24 16:10:31 +08:00			`#jinja2: trim_blocks:False`
Upgrade cilium role (#7521) * Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme 2021-04-30 23:09:59 +08:00			`---`
Fix ciliums hubble relay configuration (#9876) * Fix ciliums hubble relay configuration * Fixed the tls from code review * Updated to dna_domain instead of hardcoding 2023-03-22 03:50:12 +08:00			`# Source: cilium helm chart: cilium/templates/hubble-relay/configmap.yaml`
Upgrade cilium role (#7521) * Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme 2021-04-30 23:09:59 +08:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: hubble-relay-config`
			`namespace: kube-system`
			`data:`
			`config.yaml: \|`
Fix ciliums hubble relay configuration (#9876) * Fix ciliums hubble relay configuration * Fixed the tls from code review * Updated to dna_domain instead of hardcoding 2023-03-22 03:50:12 +08:00			`peer-service: "hubble-peer.kube-system.svc.{{ dns_domain }}:443"`
Upgrade cilium role (#7521) * Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme 2021-04-30 23:09:59 +08:00			`listen-address: :4245`
Fix ciliums hubble relay configuration (#9876) * Fix ciliums hubble relay configuration * Fixed the tls from code review * Updated to dna_domain instead of hardcoding 2023-03-22 03:50:12 +08:00			`metrics-listen-address: ":9966"`
			`dial-timeout:`
			`retry-timeout:`
			`sort-buffer-len-max:`
			`sort-buffer-drain-timeout:`
Upgrade cilium role (#7521) * Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme 2021-04-30 23:09:59 +08:00			`tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt`
			`tls-client-key-file: /var/lib/hubble-relay/tls/client.key`
cilium: Fix the configuration of tls for hubble (#9880) Signed-off-by: utam0k <k0ma@utam0k.jp> 2023-03-24 16:10:31 +08:00			`tls-server-cert-file: /var/lib/hubble-relay/tls/server.crt`
			`tls-server-key-file: /var/lib/hubble-relay/tls/server.key`
Upgrade cilium role (#7521) * Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme 2021-04-30 23:09:59 +08:00			`tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt`
fix: hubble relay tls error (#9457) 2022-11-02 15:14:46 +08:00			`disable-server-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}`
			`disable-client-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}`
Upgrade cilium role (#7521) * Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme 2021-04-30 23:09:59 +08:00			`---`
Fix cilium's hubble ui configuration (#9735) This fixes the CrashLoopBackoff error that appears because envoy configuration has changed a lot and upstream removed the envoy proxy to use nginx only instead. Those changes are based on upstream cilium helm. 2023-01-31 16:28:48 +08:00			`# Source: cilium/templates/hubble-ui/configmap.yaml`
Upgrade cilium role (#7521) * Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme 2021-04-30 23:09:59 +08:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
Fix cilium's hubble ui configuration (#9735) This fixes the CrashLoopBackoff error that appears because envoy configuration has changed a lot and upstream removed the envoy proxy to use nginx only instead. Those changes are based on upstream cilium helm. 2023-01-31 16:28:48 +08:00			`name: hubble-ui-nginx`
Upgrade cilium role (#7521) * Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme 2021-04-30 23:09:59 +08:00			`namespace: kube-system`
			`data:`
Fix cilium's hubble ui configuration (#9735) This fixes the CrashLoopBackoff error that appears because envoy configuration has changed a lot and upstream removed the envoy proxy to use nginx only instead. Those changes are based on upstream cilium helm. 2023-01-31 16:28:48 +08:00			`nginx.conf: \|`
			`server {`
			`listen 8081;`
			`{% if cilium_enable_ipv6 %}`
			`listen [::]:8081;`
			`{% endif %}`
			`server_name localhost;`
			`root /app;`
			`index index.html;`
			`client_max_body_size 1G;`

			`location / {`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`

			`# CORS`
			`add_header Access-Control-Allow-Methods "GET, POST, PUT, HEAD, DELETE, OPTIONS";`
			`add_header Access-Control-Allow-Origin *;`
			`add_header Access-Control-Max-Age 1728000;`
			`add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;`
			`add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;`
			`if ($request_method = OPTIONS) {`
			`return 204;`
			`}`
			`# /CORS`

			`location /api {`
			`proxy_http_version 1.1;`
			`proxy_pass_request_headers on;`
			`proxy_hide_header Access-Control-Allow-Origin;`
			`proxy_pass http://127.0.0.1:8090;`
			`}`

			`location / {`
			`try_files $uri $uri/ /index.html;`
			`}`
			`}`
			`}`