cilium: Fix the configuration of tls for hubble (#9880)

Signed-off-by: utam0k <k0ma@utam0k.jp>
pull/9922/head
Toru Komatsu 2023-03-24 17:10:31 +09:00 committed by GitHub
parent f6e4a231cb
commit 8afd74ce1f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 0 deletions

View File

@ -1,3 +1,4 @@
#jinja2: trim_blocks:False
---
# Source: cilium helm chart: cilium/templates/hubble-relay/configmap.yaml
apiVersion: v1
@ -16,6 +17,8 @@ data:
sort-buffer-drain-timeout:
tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt
tls-client-key-file: /var/lib/hubble-relay/tls/client.key
tls-server-cert-file: /var/lib/hubble-relay/tls/server.crt
tls-server-key-file: /var/lib/hubble-relay/tls/server.key
tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt
disable-server-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
disable-client-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}

View File

@ -79,12 +79,21 @@ spec:
- secret:
name: hubble-relay-client-certs
items:
- key: ca.crt
path: hubble-server-ca.crt
- key: tls.crt
path: client.crt
- key: tls.key
path: client.key
- key: ca.crt
path: hubble-server-ca.crt
- secret:
name: hubble-server-certs
items:
- key: tls.crt
path: server.crt
- key: tls.key
path: server.key
name: tls
---
# Source: cilium/templates/hubble-ui/deployment.yaml