Fix ciliums hubble relay configuration (#9876)

* Fix ciliums hubble relay configuration * Fixed the tls from code review * Updated to dna_domain instead of hardcoding
2026-03-10 12:18:52 +03:00 · 2023-03-21 12:50:12 -07:00
parent 8cf5fefe84
commit a9f52060c9
3 changed files with 47 additions and 9 deletions
--- a/roles/network_plugin/cilium/templates/hubble/service.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/service.yml.j2
@@ -21,6 +21,27 @@ spec:
    targetPort: hubble-metrics
  selector:
    k8s-app: cilium
+---
+# Source: cilium/templates/hubble-relay/metrics-service.yaml
+# We use a separate service from hubble-relay which can be exposed externally
+kind: Service
+apiVersion: v1
+metadata:
+  name: hubble-relay-metrics
+  namespace: kube-system
+  labels:
+    k8s-app: hubble-relay
+spec:
+  clusterIP: None
+  type: ClusterIP
+  selector:
+    k8s-app: hubble-relay
+  ports:
+  - name: metrics
+    port: 9966
+    protocol: TCP
+    targetPort: prometheus
+
 {% endif %}
 ---
 # Source: cilium/templates/hubble-relay-service.yaml
@@ -56,3 +77,22 @@ spec:
      port: 80
      targetPort: 8081
  type: ClusterIP
+---
+# Source: cilium/templates/hubble/peer-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: hubble-peer
+  namespace: kube-system
+  labels:
+    k8s-app: cilium
+spec:
+  selector:
+    k8s-app: cilium
+  ports:
+  - name: peer-service
+    port: 443
+    protocol: TCP
+    targetPort: 4244
+  internalTrafficPolicy: Local
+