13443b05a6
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-operator templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-agent templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Bump Cilium version to 1.11.3 Signed-off-by: necatican <necaticanyildirim@gmail.com>
---
# Source: cilium/templates/hubble-relay-configmap.yaml
#
# ConfigMap carrying the hubble-relay configuration file (config.yaml).
# Review comments are kept outside the block scalar on purpose: everything
# under `config.yaml: |` is the literal file content stored in the ConfigMap.
#
# What the settings below establish:
#   - peer-service: relay talks to Hubble through the Cilium unix socket
#     at /var/run/cilium/hubble.sock.
#   - listen-address ":4245": no host part is given, so the relay listener
#     is not restricted to a single interface.
#   - tls-client-cert-file / tls-client-key-file / tls-hubble-server-ca-files:
#     client certificate, key and CA bundle for the relay's outgoing
#     connections to Hubble servers.
#
# NOTE(review): `disable-server-tls: true` turns TLS off on the relay's own
# listener (:4245), so flow data is served to relay clients in plaintext and
# without certificate-based client authentication, even though the outgoing
# side is configured with TLS material. If that is intended, restrict access
# to port 4245 with a NetworkPolicy; otherwise provide a server certificate
# and key (hubble-relay has `tls-server-cert-file` / `tls-server-key-file`
# options — confirm against the deployed version) and set this to false.
#
# NOTE(review): dial-timeout, retry-timeout, sort-buffer-len-max and
# sort-buffer-drain-timeout carry no value here, so they parse as null.
# Presumably hubble-relay then uses its built-in defaults — TODO confirm.
apiVersion: v1
kind: ConfigMap
metadata:
  name: hubble-relay-config
  namespace: kube-system
data:
  config.yaml: |
    peer-service: unix:///var/run/cilium/hubble.sock
    listen-address: :4245
    dial-timeout:
    retry-timeout:
    sort-buffer-len-max:
    sort-buffer-drain-timeout:
    tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt
    tls-client-key-file: /var/lib/hubble-relay/tls/client.key
    tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt
    disable-server-tls: true
---
# Source: cilium/templates/hubble-ui-configmap.yaml
#
# ConfigMap carrying the Envoy bootstrap (envoy.yaml) for the Hubble UI proxy.
# Review comments are kept outside the block scalar on purpose: everything
# under `envoy.yaml: |` is the literal file content stored in the ConfigMap.
#
# What the configuration below establishes:
#   - One listener, listener_hubble_ui, bound to 0.0.0.0:8081.
#   - Requests with prefix /api/ go to cluster `backend` (127.0.0.1:8090,
#     HTTP/2 enabled via http2_protocol_options) with the prefix rewritten
#     to /; everything else goes to cluster `frontend` (127.0.0.1:8080).
#   - HTTP filters, in order: grpc_web, cors, router.
#
# NOTE(review): the listener binds to all interfaces and the filter chain
# shows no TLS context and no authentication or authorization filter, so
# anything that can reach port 8081 gets the UI and the /api/ backend.
# Exposure control therefore has to come from outside this file (Service
# type, NetworkPolicy, an authenticating ingress) — verify that it exists.
#
# NOTE(review): `domains: ['*']` together with an allow_origin_string_match
# of prefix '*' and allow_methods GET, PUT, DELETE, POST, OPTIONS looks like
# a CORS policy that accepts any origin — confirm against the Envoy version
# in use, and narrow it to the UI's real origin if the UI is reachable from
# browsers that also visit untrusted sites.
#
# NOTE(review): `max_grpc_timeout: 0s` — in Envoy a zero value means the
# client-supplied grpc-timeout is not capped; long-lived streams to the
# backend are bounded only by the client. Confirm this is intended.
#
# NOTE(review): `config:` under the HTTP connection manager and `hosts:`
# under the clusters appear to be Envoy v2-era field names; confirm the
# Envoy image deployed with this template still accepts them.
apiVersion: v1
kind: ConfigMap
metadata:
  name: hubble-ui-envoy
  namespace: kube-system
data:
  envoy.yaml: |
    static_resources:
      listeners:
        - name: listener_hubble_ui
          address:
            socket_address:
              address: 0.0.0.0
              port_value: 8081
          filter_chains:
            - filters:
                - name: envoy.filters.network.http_connection_manager
                  config:
                    codec_type: auto
                    stat_prefix: ingress_http
                    route_config:
                      name: local_route
                      virtual_hosts:
                        - name: local_service
                          domains: ['*']
                          routes:
                            - match:
                                prefix: '/api/'
                              route:
                                cluster: backend
                                max_grpc_timeout: 0s
                                prefix_rewrite: '/'
                            - match:
                                prefix: '/'
                              route:
                                cluster: frontend
                          cors:
                            allow_origin_string_match:
                              - prefix: '*'
                            allow_methods: GET, PUT, DELETE, POST, OPTIONS
                            allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
                            max_age: '1728000'
                            expose_headers: grpc-status,grpc-message
                    http_filters:
                      - name: envoy.filters.http.grpc_web
                      - name: envoy.filters.http.cors
                      - name: envoy.filters.http.router
      clusters:
        - name: frontend
          connect_timeout: 0.25s
          type: strict_dns
          lb_policy: round_robin
          hosts:
            - socket_address:
                address: 127.0.0.1
                port_value: 8080
        - name: backend
          connect_timeout: 0.25s
          type: logical_dns
          lb_policy: round_robin
          http2_protocol_options: {}
          hosts:
            - socket_address:
                address: 127.0.0.1
                port_value: 8090