31caab5f92
Signed-off-by: dcwbq <biqiang.wu@daocloud.io> Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
46 lines
1.8 KiB
Django/Jinja
46 lines
1.8 KiB
Django/Jinja
---
|
|
# Source: cilium/templates/hubble-generate-certs-job.yaml
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: hubble-generate-certs
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: hubble-generate-certs
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
k8s-app: hubble-generate-certs
|
|
spec:
|
|
serviceAccount: hubble-generate-certs
|
|
serviceAccountName: hubble-generate-certs
|
|
containers:
|
|
- name: certgen
|
|
image: "{{ cilium_hubble_certgen_image_repo }}:{{ cilium_hubble_certgen_image_tag }}"
|
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
|
command:
|
|
- "/usr/bin/cilium-certgen"
|
|
# Because this is executed as a job, we pass the values as command
|
|
# line args instead of via config map. This allows users to inspect
|
|
# the values used in past runs by inspecting the completed pod.
|
|
args:
|
|
- "--cilium-namespace=kube-system"
|
|
- "--hubble-ca-reuse-secret=true"
|
|
- "--hubble-ca-secret-name=hubble-ca-secret"
|
|
- "--hubble-ca-generate=true"
|
|
- "--hubble-ca-validity-duration=94608000s"
|
|
- "--hubble-ca-config-map-create=true"
|
|
- "--hubble-ca-config-map-name=hubble-ca-cert"
|
|
- "--hubble-server-cert-generate=true"
|
|
- "--hubble-server-cert-common-name=*.{{ cilium_cluster_name }}.hubble-grpc.cilium.io"
|
|
- "--hubble-server-cert-validity-duration=94608000s"
|
|
- "--hubble-server-cert-secret-name=hubble-server-certs"
|
|
- "--hubble-relay-client-cert-generate=true"
|
|
- "--hubble-relay-client-cert-validity-duration=94608000s"
|
|
- "--hubble-relay-client-cert-secret-name=hubble-relay-client-certs"
|
|
- "--hubble-relay-server-cert-generate=false"
|
|
hostNetwork: true
|
|
restartPolicy: OnFailure
|
|
ttlSecondsAfterFinished: 1800
|