--- # Source: cilium/templates/hubble-relay-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: hubble-relay labels: k8s-app: hubble-relay namespace: kube-system spec: replicas: 1 selector: matchLabels: k8s-app: hubble-relay strategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate template: metadata: annotations: labels: k8s-app: hubble-relay spec: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "k8s-app" operator: In values: - cilium topologyKey: "kubernetes.io/hostname" containers: - name: hubble-relay image: "{{ cilium_hubble_relay_image_repo }}:{{ cilium_hubble_relay_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} command: - hubble-relay args: - serve ports: - name: grpc containerPort: 4245 readinessProbe: tcpSocket: port: grpc livenessProbe: tcpSocket: port: grpc volumeMounts: - mountPath: /var/run/cilium name: hubble-sock-dir readOnly: true - mountPath: /etc/hubble-relay name: config readOnly: true - mountPath: /var/lib/hubble-relay/tls name: tls readOnly: true restartPolicy: Always serviceAccount: hubble-relay serviceAccountName: hubble-relay terminationGracePeriodSeconds: 0 volumes: - configMap: name: hubble-relay-config items: - key: config.yaml path: config.yaml name: config - hostPath: path: /var/run/cilium type: Directory name: hubble-sock-dir - projected: sources: - secret: name: hubble-relay-client-certs items: - key: tls.crt path: client.crt - key: tls.key path: client.key - configMap: name: hubble-ca-cert items: - key: ca.crt path: hubble-server-ca.crt name: tls --- # Source: cilium/templates/hubble-ui-deployment.yaml kind: Deployment apiVersion: apps/v1 metadata: namespace: kube-system labels: k8s-app: hubble-ui name: hubble-ui spec: replicas: 1 selector: matchLabels: k8s-app: hubble-ui template: metadata: annotations: labels: k8s-app: hubble-ui spec: securityContext: runAsUser: 1001 serviceAccount: hubble-ui serviceAccountName: hubble-ui containers: - name: frontend image: "{{ cilium_hubble_ui_image_repo }}:{{ cilium_hubble_ui_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} ports: - containerPort: 8080 name: http resources: {} - name: backend image: "{{ cilium_hubble_ui_backend_image_repo }}:{{ cilium_hubble_ui_backend_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} env: - name: EVENTS_SERVER_PORT value: "8090" - name: FLOWS_API_ADDR value: "hubble-relay:80" ports: - containerPort: 8090 name: grpc resources: {} - name: proxy image: "{{ cilium_hubble_envoy_image_repo }}:{{ cilium_hubble_envoy_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} ports: - containerPort: 8081 name: http resources: {} command: ["envoy"] args: [ "-c", "/etc/envoy.yaml", "-l", "info" ] volumeMounts: - name: hubble-ui-envoy-yaml mountPath: /etc/envoy.yaml subPath: envoy.yaml volumes: - name: hubble-ui-envoy-yaml configMap: name: hubble-ui-envoy