From 9a08afa3f963faff6836587c243edb26ffd14c8e Mon Sep 17 00:00:00 2001
From: k8s-infra-cherrypick-robot
 <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com>
Date: Fri, 4 Jul 2025 01:23:25 -0700
Subject: [PATCH] [release-2.28] Cilium: Pass cluster DNS to hubble.peerService
 in values.yaml.j2 (#12374)

* cilium: pass cluster DNS to hubble.peerService in values.yaml.j2

* Add dedicated Hubble variable defaulting to inventory cluster domain

---------

Co-authored-by: Mustafa Mertcan CAM <mertcancam@gmail.com>
---
 inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml | 4 ++++
 roles/network_plugin/cilium/defaults/main.yml              | 4 ++++
 roles/network_plugin/cilium/templates/values.yaml.j2       | 2 ++
 3 files changed, 10 insertions(+)

diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
index bd251aadb..dee44a58a 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
@@ -175,6 +175,10 @@ cilium_l2announcements: false
 ### Buffer size of the channel to receive monitor events.
 # cilium_hubble_event_queue_size: 50
 
+# Override the DNS suffix that Hubble-Relay uses to resolve its peer service.
+# It defaults to the inventory's `dns_domain`.
+# cilium_hubble_peer_service_cluster_domain: "{{ dns_domain }}"
+
 # IP address management mode for v1.9+.
 # https://docs.cilium.io/en/v1.9/concepts/networking/ipam/
 # cilium_ipam_mode: kubernetes
diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
index efa954d8b..8ddbae85a 100644
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -176,6 +176,10 @@ cilium_hubble_export_dynamic_config_content:
     excludeFilters: []
     filePath: "/var/run/cilium/hubble/events.log"
 
+# Override the DNS suffix that Hubble-Relay uses to resolve its peer service.
+# It defaults to the inventory's `dns_domain`.
+cilium_hubble_peer_service_cluster_domain: "{{ dns_domain }}"
+
 ### Capacity of Hubble events buffer. The provided value must be one less than an integer power of two and no larger than 65535
 ### (ie: 1, 3, ..., 2047, 4095, ..., 65535) (default 4095)
 # cilium_hubble_event_buffer_capacity: 4095
diff --git a/roles/network_plugin/cilium/templates/values.yaml.j2 b/roles/network_plugin/cilium/templates/values.yaml.j2
index adf94b18b..35529a025 100644
--- a/roles/network_plugin/cilium/templates/values.yaml.j2
+++ b/roles/network_plugin/cilium/templates/values.yaml.j2
@@ -83,6 +83,8 @@ ipMasqAgent:
 {% endif %}
 
 hubble:
+  peerService:
+    clusterDomain: {{ cilium_hubble_peer_service_cluster_domain }}
   enabled: {{ cilium_enable_hubble | to_json }}
   relay:
     enabled: {{ cilium_enable_hubble | to_json }}