diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml index da56c46e3..18fc65f97 100644 --- a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml +++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml @@ -152,6 +152,9 @@ cilium_l2announcements: false # Hubble ### Enable Hubble without install # cilium_enable_hubble: false +### Enable Hubble-ui +### Installed by default when hubble is enabled. To disable set to false +# cilium_enable_hubble_ui: "{{ cilium_enable_hubble }} ### Enable Hubble Metrics # cilium_enable_hubble_metrics: false ### if cilium_enable_hubble_metrics: true diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index fae0ceeae..c55bdddcf 100644 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml @@ -144,6 +144,8 @@ cilium_ip_masq_resync_interval: 60s # Hubble ### Enable Hubble without install cilium_enable_hubble: false +### Enable Hubble-ui +cilium_enable_hubble_ui: "{{ cilium_enable_hubble }}" ### Enable Hubble Metrics cilium_enable_hubble_metrics: false ### if cilium_enable_hubble_metrics: true diff --git a/roles/network_plugin/cilium/templates/hubble/cr.yml.j2 b/roles/network_plugin/cilium/templates/hubble/cr.yml.j2 index 4a95565d2..ee974b5e3 100644 --- a/roles/network_plugin/cilium/templates/hubble/cr.yml.j2 +++ b/roles/network_plugin/cilium/templates/hubble/cr.yml.j2 @@ -60,6 +60,7 @@ rules: - get - list - watch +{% if cilium_enable_hubble_ui %} --- # Source: cilium/templates/hubble-ui-clusterrole.yaml kind: ClusterRole @@ -104,3 +105,4 @@ rules: - get - list - watch +{% endif %} diff --git a/roles/network_plugin/cilium/templates/hubble/crb.yml.j2 b/roles/network_plugin/cilium/templates/hubble/crb.yml.j2 index f033429ce..e5b8976e8 100644 --- a/roles/network_plugin/cilium/templates/hubble/crb.yml.j2 +++ b/roles/network_plugin/cilium/templates/hubble/crb.yml.j2 @@ -28,6 +28,7 @@ subjects: - kind: ServiceAccount namespace: kube-system name: hubble-relay +{% if cilium_enable_hubble_ui %} --- # Source: cilium/templates/hubble-ui-clusterrolebinding.yaml kind: ClusterRoleBinding @@ -42,3 +43,4 @@ subjects: - kind: ServiceAccount namespace: kube-system name: hubble-ui +{% endif %} diff --git a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 index f0153d64d..fbd3b2fa8 100644 --- a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 +++ b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 @@ -104,6 +104,7 @@ spec: name: tls {%- endif %} +{% if cilium_enable_hubble_ui %} --- # Source: cilium/templates/hubble-ui/deployment.yaml kind: Deployment @@ -195,3 +196,4 @@ spec: name: tls - emptyDir: {} name: tmp-dir +{% endif %} diff --git a/roles/network_plugin/cilium/templates/hubble/sa.yml.j2 b/roles/network_plugin/cilium/templates/hubble/sa.yml.j2 index 9b3203dbd..46de08179 100644 --- a/roles/network_plugin/cilium/templates/hubble/sa.yml.j2 +++ b/roles/network_plugin/cilium/templates/hubble/sa.yml.j2 @@ -14,6 +14,7 @@ kind: ServiceAccount metadata: name: hubble-relay namespace: kube-system +{% if cilium_enable_hubble_ui %} --- # Source: cilium/templates/hubble-ui-serviceaccount.yaml apiVersion: v1 @@ -21,3 +22,4 @@ kind: ServiceAccount metadata: name: hubble-ui namespace: kube-system +{% endif %} diff --git a/roles/network_plugin/cilium/templates/hubble/service.yml.j2 b/roles/network_plugin/cilium/templates/hubble/service.yml.j2 index 48e90b825..982487cb0 100644 --- a/roles/network_plugin/cilium/templates/hubble/service.yml.j2 +++ b/roles/network_plugin/cilium/templates/hubble/service.yml.j2 @@ -68,6 +68,7 @@ spec: {% endif -%} targetPort: 4245 --- +{% if cilium_enable_hubble_ui %} # Source: cilium/templates/hubble-ui-service.yaml kind: Service apiVersion: v1 @@ -85,6 +86,7 @@ spec: targetPort: 8081 type: ClusterIP --- +{% endif %} # Source: cilium/templates/hubble/peer-service.yaml apiVersion: v1 kind: Service