cilium: Fix the configuration of tls for hubble (#9880)

Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-03-24 17:10:31 +09:00 · 2023-03-24 17:10:31 +09:00 · 8afd74ce1f
parent f6e4a231cb
commit 8afd74ce1f
2 changed files with 12 additions and 0 deletions
--- a/roles/network_plugin/cilium/templates/hubble/config.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/config.yml.j2
@ -1,3 +1,4 @@
+#jinja2: trim_blocks:False
 ---
 # Source: cilium helm chart: cilium/templates/hubble-relay/configmap.yaml
 apiVersion: v1
@ -16,6 +17,8 @@ data:
    sort-buffer-drain-timeout: 
    tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt
    tls-client-key-file: /var/lib/hubble-relay/tls/client.key
+    tls-server-cert-file: /var/lib/hubble-relay/tls/server.crt
+    tls-server-key-file: /var/lib/hubble-relay/tls/server.key
    tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt
    disable-server-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
    disable-client-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
--- a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
@ -79,12 +79,21 @@ spec:
          - secret:
              name: hubble-relay-client-certs
              items:
+                - key: ca.crt
+                  path: hubble-server-ca.crt
                - key: tls.crt
                  path: client.crt
                - key: tls.key
                  path: client.key
                - key: ca.crt
                  path: hubble-server-ca.crt
+          - secret:
+              name: hubble-server-certs
+              items:
+                - key: tls.crt
+                  path: server.crt
+                - key: tls.key
+                  path: server.key
        name: tls
 ---
 # Source: cilium/templates/hubble-ui/deployment.yaml