kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix cilium's hubble ui configuration (#9735) (#9864) 

This fixes the CrashLoopBackoff error that appears because envoy
configuration has changed a lot and upstream removed the envoy proxy to
use nginx only instead. Those changes are based on upstream cilium helm.

Co-authored-by: James <gwendal.landrein@epita.fr>
pull/10053/head
Kenichi Omichi 2023-03-23 11:48:22 +09:00 committed by GitHub
parent 3f41d8b274
commit 08467ad6b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 54 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
roles/network_plugin/cilium/templates/hubble/config.yml.j2
View File

@ -19,69 +19,48 @@ data:
disable-server-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %} disable-server-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
disable-client-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %} disable-client-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
--- ---
# Source: cilium/templates/hubble-ui-configmap.yaml # Source: cilium/templates/hubble-ui/configmap.yaml
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: hubble-ui-envoy name: hubble-ui-nginx
namespace: kube-system namespace: kube-system
data: data:
envoy.yaml: | nginx.conf: |
static_resources: server {
listeners: listen 8081;
- name: listener_hubble_ui {% if cilium_enable_ipv6 %}
address: listen [::]:8081;
socket_address: {% endif %}
address: 0.0.0.0 server_name localhost;
port_value: 8081 root /app;
filter_chains: index index.html;
- filters: client_max_body_size 1G;
- name: envoy.filters.network.http_connection_manager
config: location / {
codec_type: auto proxy_set_header Host $host;
stat_prefix: ingress_http proxy_set_header X-Real-IP $remote_addr;
route_config:
name: local_route # CORS
virtual_hosts: add_header Access-Control-Allow-Methods "GET, POST, PUT, HEAD, DELETE, OPTIONS";
- name: local_service add_header Access-Control-Allow-Origin *;
domains: ['*'] add_header Access-Control-Max-Age 1728000;
routes: add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;
- match: add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;
prefix: '/api/' if ($request_method = OPTIONS) {
route: return 204;
cluster: backend }
max_grpc_timeout: 0s # /CORS
prefix_rewrite: '/'
- match: location /api {
prefix: '/' proxy_http_version 1.1;
route: proxy_pass_request_headers on;
cluster: frontend proxy_hide_header Access-Control-Allow-Origin;
cors: proxy_pass http://127.0.0.1:8090;
allow_origin_string_match: }
- prefix: '*'
allow_methods: GET, PUT, DELETE, POST, OPTIONS location / {
allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout try_files $uri $uri/ /index.html;
max_age: '1728000' }
expose_headers: grpc-status,grpc-message }
http_filters: }
- name: envoy.filters.http.grpc_web
- name: envoy.filters.http.cors
- name: envoy.filters.http.router
clusters:
- name: frontend
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
hosts:
- socket_address:
address: 127.0.0.1
port_value: 8080
- name: backend
connect_timeout: 0.25s
type: logical_dns
lb_policy: round_robin
http2_protocol_options: {}
hosts:
- socket_address:
address: 127.0.0.1
port_value: 8090

39
roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
View File

@ -90,7 +90,7 @@ spec:
path: hubble-server-ca.crt path: hubble-server-ca.crt
name: tls name: tls
--- ---
# Source: cilium/templates/hubble-ui-deployment.yaml # Source: cilium/templates/hubble-ui/deployment.yaml
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
metadata: metadata:
@ -118,8 +118,14 @@ spec:
image: "{{ cilium_hubble_ui_image_repo }}:{{ cilium_hubble_ui_image_tag }}" image: "{{ cilium_hubble_ui_image_repo }}:{{ cilium_hubble_ui_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
ports: ports:
- containerPort: 8080 - containerPort: 8081
name: http name: http
volumeMounts:
- name: hubble-ui-nginx-conf
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx.conf
- name: tmp-dir
mountPath: /tmp
resources: resources:
{} {}
- name: backend - name: backend
@ -135,27 +141,10 @@ spec:
name: grpc name: grpc
resources: resources:
{} {}
- name: proxy
image: "{{ cilium_hubble_envoy_image_repo }}:{{ cilium_hubble_envoy_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
ports:
- containerPort: 8081
name: http
resources:
{}
command: ["envoy"]
args:
[
"-c",
"/etc/envoy.yaml",
"-l",
"info"
]
volumeMounts:
- name: hubble-ui-envoy-yaml
mountPath: /etc/envoy.yaml
subPath: envoy.yaml
volumes: volumes:
- name: hubble-ui-envoy-yaml - configMap:
configMap: defaultMode: 420
name: hubble-ui-envoy name: hubble-ui-nginx
name: hubble-ui-nginx-conf
- emptyDir: {}
name: tmp-dir