---
# Source: cilium/templates/hubble-relay-deployment.yaml
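# Hubble Relay Deployment (kube-system): one replica serving the relay's gRPC
# endpoint on container port 4245.
#
# NOTE(review): no securityContext is set at pod or container level, so the
# container runs as whatever user the image defines, with the runtime's default
# capabilities and privilege-escalation setting. Confirm what the image needs
# before tightening; the relay must still be able to use the hostPath mount.
# NOTE(review): no resource requests or limits are declared for the container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hubble-relay
  namespace: kube-system
  labels:
    k8s-app: hubble-relay
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: hubble-relay
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # With a single replica this allows the relay to be fully unavailable
      # for the duration of a rollout.
      maxUnavailable: 1
  template:
    metadata:
      # Explicit empty map; a bare `annotations:` key parses as null.
      annotations: {}
      labels:
        k8s-app: hubble-relay
    spec:
      affinity:
        podAffinity:
          # Hard requirement: schedule only onto a node that already runs a
          # pod labelled k8s-app=cilium. No namespaces are listed, so the
          # selector matches pods in this pod's own namespace. Presumably this
          # is what makes the hostPath volume below meaningful.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: "k8s-app"
                    operator: In
                    values:
                      - cilium
              topologyKey: "kubernetes.io/hostname"
      containers:
        - name: hubble-relay
          # Tag-based image references are mutable; whether the tag variable
          # carries a digest cannot be told from this template.
          image: "{{ cilium_hubble_relay_image_repo }}:{{ cilium_hubble_relay_image_tag }}"
          # Quoted so an empty or boolean-looking expansion stays a string.
          imagePullPolicy: "{{ k8s_image_pull_policy }}"
          command:
            - hubble-relay
          args:
            - serve
          ports:
            - name: grpc
              containerPort: 4245
          # Both probes only check that the gRPC port accepts TCP connections.
          readinessProbe:
            tcpSocket:
              port: grpc
          livenessProbe:
            tcpSocket:
              port: grpc
          volumeMounts:
            # readOnly blocks writes to the directory, but it does not stop a
            # process from connecting to Unix sockets inside it; access is
            # then governed by the socket file's own permissions.
            - name: hubble-sock-dir
              mountPath: /var/run/cilium
              readOnly: true
            - name: config
              mountPath: /etc/hubble-relay
              readOnly: true
            - name: tls
              mountPath: /var/lib/hubble-relay/tls
              readOnly: true
      restartPolicy: Always
      # `serviceAccount` is the deprecated alias of `serviceAccountName`;
      # both are kept with the same value.
      serviceAccount: hubble-relay
      serviceAccountName: hubble-relay
      # Zero grace period: the container is killed immediately on pod
      # deletion, with no time to close open streams.
      terminationGracePeriodSeconds: 0
      volumes:
        - name: config
          configMap:
            name: hubble-relay-config
            items:
              - key: config.yaml
                path: config.yaml
        # Host directory shared with the node. `type: Directory` makes the pod
        # fail to start if the path does not already exist on the host.
        # NOTE(review): the volume name suggests this holds the Hubble socket;
        # confirm what else is placed in this directory, since all of it
        # becomes visible to this pod.
        - name: hubble-sock-dir
          hostPath:
            path: /var/run/cilium
            type: Directory
        # Client certificate and private key (Secret) plus the server CA
        # (ConfigMap), projected into one directory.
        # NOTE(review): no defaultMode is set, so the Kubernetes default file
        # mode applies to client.key; consider a tighter mode if the image's
        # user can still read it.
        - name: tls
          projected:
            sources:
              - secret:
                  name: hubble-relay-client-certs
                  items:
                    - key: tls.crt
                      path: client.crt
                    - key: tls.key
                      path: client.key
              - configMap:
                  name: hubble-ca-cert
                  items:
                    - key: ca.crt
                      path: hubble-server-ca.crt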
---
# Source: cilium/templates/hubble-ui-deployment.yaml
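# Hubble UI Deployment (kube-system): one pod with three containers: the
# frontend (8080), the backend (8090) and an Envoy proxy (8081).
#
# NOTE(review): `resources: {}` on every container means no requests or limits
# are declared. Nothing in this manifest shows authentication in front of the
# UI; check the Service/Ingress that exposes it, since the UI presents network
# flow data.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hubble-ui
  namespace: kube-system
  labels:
    k8s-app: hubble-ui
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: hubble-ui
  template:
    metadata:
      # Explicit empty map; a bare `annotations:` key parses as null.
      annotations: {}
      labels:
        k8s-app: hubble-ui
    spec:
      # Pod-level setting: applies to all three containers, none of which
      # overrides it.
      securityContext:
        runAsUser: 1001
        # Guard for the UID above: the kubelet refuses to start a container
        # as UID 0 even if runAsUser is later removed or overridden.
        runAsNonRoot: true
      # `serviceAccount` is the deprecated alias of `serviceAccountName`;
      # both are kept with the same value.
      serviceAccount: hubble-ui
      serviceAccountName: hubble-ui
      containers:
        - name: frontend
          # Tag-based image references are mutable; whether the tag variables
          # carry a digest cannot be told from this template.
          image: "{{ cilium_hubble_ui_image_repo }}:{{ cilium_hubble_ui_image_tag }}"
          # Quoted so an empty or boolean-looking expansion stays a string.
          imagePullPolicy: "{{ k8s_image_pull_policy }}"
          ports:
            - name: http
              containerPort: 8080
          resources: {}
        - name: backend
          image: "{{ cilium_hubble_ui_backend_image_repo }}:{{ cilium_hubble_ui_backend_image_tag }}"
          imagePullPolicy: "{{ k8s_image_pull_policy }}"
          env:
            - name: EVENTS_SERVER_PORT
              value: "8090"
            # NOTE(review): this manifest mounts no client certificates into
            # the backend; confirm whether the connection to hubble-relay:80
            # is expected to be plaintext inside the cluster.
            - name: FLOWS_API_ADDR
              value: "hubble-relay:80"
          ports:
            - name: grpc
              containerPort: 8090
          resources: {}
        - name: proxy
          image: "{{ cilium_hubble_envoy_image_repo }}:{{ cilium_hubble_envoy_image_tag }}"
          imagePullPolicy: "{{ k8s_image_pull_policy }}"
          command:
            - envoy
          args:
            - "-c"
            - "/etc/envoy.yaml"
            - "-l"
            - "info"
          ports:
            - name: http
              containerPort: 8081
          resources: {}
          volumeMounts:
            # subPath mounts do not pick up later ConfigMap updates; the pod
            # has to be restarted after the Envoy configuration changes.
            - name: hubble-ui-envoy-yaml
              mountPath: /etc/envoy.yaml
              subPath: envoy.yaml
      volumes:
        - name: hubble-ui-envoy-yaml
          configMap:
            name: hubble-ui-envoy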