Revert "feat(helm): update chart cilium to 1.16.0" #490
Merged
--- kubernetes/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium
+++ kubernetes/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium
@@ -13,13 +13,13 @@
spec:
chart: cilium
sourceRef:
kind: HelmRepository
name: cilium
namespace: flux-system
- version: 1.16.0
+ version: 1.15.6
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall: |
--- HelmRelease: kube-system/cilium ServiceAccount: kube-system/cilium-envoy
+++ HelmRelease: kube-system/cilium ServiceAccount: kube-system/cilium-envoy
@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: cilium-envoy
- namespace: kube-system
-
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-dashboard
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-dashboard
@@ -4703,27 +4703,27 @@
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
- "expr": "sum(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"denied\"}[1m]))",
+ "expr": "sum(rate(cilium_policy_l7_denied_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "denied",
"refId": "A"
},
{
- "expr": "sum(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"forwarded\"}[1m]))",
+ "expr": "sum(rate(cilium_policy_l7_forwarded_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "forwarded",
"refId": "B"
},
{
- "expr": "sum(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"received\"}[1m]))",
+ "expr": "sum(rate(cilium_policy_l7_received_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m]))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "received",
"refId": "C"
}
],
@@ -4869,13 +4869,13 @@
}
},
{
"aliasColors": {
"Max per node processingTime": "#e24d42",
"Max per node upstreamTime": "#58140c",
- "avg(cilium_policy_l7_total{pod=~\"cilium.*\", rule=\"parse_errors\"})": "#bf1b00",
+ "avg(cilium_policy_l7_parse_errors_total{pod=~\"cilium.*\"})": "#bf1b00",
"parse errors": "#bf1b00"
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": {
@@ -4928,13 +4928,13 @@
},
{
"alias": "Max per node upstreamTime",
"yaxis": 2
},
{
- "alias": "avg(cilium_policy_l7_total{pod=~\"cilium.*\", rule=\"parse_errors\"})",
+ "alias": "avg(cilium_policy_l7_parse_errors_total{pod=~\"cilium.*\"})",
"yaxis": 2
},
{
"alias": "parse errors",
"yaxis": 2
}
@@ -4949,13 +4949,13 @@
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{scope}}",
"refId": "A"
},
{
- "expr": "avg(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"parse_errors\"}) by (pod)",
+ "expr": "avg(cilium_policy_l7_parse_errors_total{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "parse errors",
"refId": "B"
}
],
@@ -5307,13 +5307,13 @@
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Max {{scope}}",
"refId": "B"
},
{
- "expr": "max(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"parse_errors\"}[1m])) by (pod)",
+ "expr": "max(rate(cilium_policy_l7_parse_errors_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "parse errors",
"refId": "A"
}
],
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config
@@ -7,18 +7,20 @@
data:
identity-allocation-mode: crd
identity-heartbeat-timeout: 30m0s
identity-gc-interval: 15m0s
cilium-endpoint-gc-interval: 5m0s
nodes-gc-interval: 5m0s
+ skip-cnp-status-startup-clean: 'false'
debug: 'false'
debug-verbose: ''
enable-policy: default
policy-cidr-match-mode: ''
prometheus-serve-addr: :9962
controller-group-metrics: write-cni-file sync-host-ips sync-lb-maps-with-k8s-services
+ proxy-prometheus-port: '9964'
operator-prometheus-serve-addr: :9963
enable-metrics: 'true'
enable-ipv4: 'true'
enable-ipv6: 'false'
custom-cni-conf: 'false'
enable-bpf-clock-probe: 'false'
@@ -26,68 +28,57 @@
monitor-aggregation-interval: 5s
monitor-aggregation-flags: all
bpf-map-dynamic-size-ratio: '0.0025'
bpf-policy-map-max: '16384'
bpf-lb-map-max: '65536'
bpf-lb-external-clusterip: 'false'
- bpf-events-drop-enabled: 'true'
- bpf-events-policy-verdict-enabled: 'true'
- bpf-events-trace-enabled: 'true'
preallocate-bpf-maps: 'false'
+ sidecar-istio-proxy-image: cilium/istio_proxy
cluster-name: home-cluster
cluster-id: '1'
routing-mode: native
service-no-backend-response: reject
enable-l7-proxy: 'true'
enable-ipv4-masquerade: 'true'
enable-ipv4-big-tcp: 'false'
enable-ipv6-big-tcp: 'false'
enable-ipv6-masquerade: 'true'
- enable-tcx: 'true'
- datapath-mode: veth
enable-bpf-masquerade: 'true'
enable-masquerade-to-route-source: 'false'
enable-xt-socket-fallback: 'true'
install-no-conntrack-iptables-rules: 'false'
auto-direct-node-routes: 'true'
- direct-routing-skip-unreachable: 'false'
enable-local-redirect-policy: 'true'
ipv4-native-routing-cidr: ${CLUSTER_CIDR}
- enable-runtime-device-detection: 'true'
kube-proxy-replacement: 'true'
kube-proxy-replacement-healthz-bind-address: 0.0.0.0:10256
bpf-lb-sock: 'false'
- bpf-lb-sock-terminate-pod-connections: 'false'
- nodeport-addresses: ''
enable-health-check-nodeport: 'true'
enable-health-check-loadbalancer-ip: 'false'
node-port-bind-protection: 'true'
enable-auto-protect-node-port-range: 'true'
bpf-lb-mode: dsr
bpf-lb-algorithm: maglev
bpf-lb-acceleration: disabled
enable-svc-source-range-check: 'true'
enable-l2-neigh-discovery: 'true'
arping-refresh-period: 30s
- k8s-require-ipv4-pod-cidr: 'false'
- k8s-require-ipv6-pod-cidr: 'false'
enable-endpoint-routes: 'true'
enable-k8s-networkpolicy: 'true'
write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist
cni-exclusive: 'true'
cni-log-file: /var/run/cilium/cilium-cni.log
enable-endpoint-health-checking: 'true'
enable-health-checking: 'true'
enable-well-known-identities: 'false'
- enable-node-selector-labels: 'false'
+ enable-remote-node-identity: 'true'
synchronize-k8s-nodes: 'true'
operator-api-serve-addr: 127.0.0.1:9234
enable-hubble: 'true'
hubble-socket-path: /var/run/cilium/hubble.sock
hubble-metrics-server: :9965
- hubble-metrics-server-enable-tls: 'false'
hubble-metrics: dns:query drop tcp flow port-distribution icmp http
enable-hubble-open-metrics: 'false'
hubble-export-file-max-size-mb: '10'
hubble-export-file-max-backups: '5'
hubble-listen-address: :4244
hubble-disable-tls: 'false'
@@ -103,24 +94,24 @@
vtep-mask: ''
vtep-mac: ''
enable-l2-announcements: 'true'
l2-announcements-lease-duration: 120s
l2-announcements-renew-deadline: 60s
l2-announcements-retry-period: 1s
+ enable-bgp-control-plane: 'false'
bpf-root: /sys/fs/bpf
cgroup-root: /run/cilium/cgroupv2
enable-k8s-terminating-endpoint: 'true'
enable-sctp: 'false'
k8s-client-qps: '10'
k8s-client-burst: '20'
remove-cilium-node-taints: 'true'
set-cilium-node-taints: 'true'
set-cilium-is-up-condition: 'true'
unmanaged-pod-watcher-interval: '15'
dnsproxy-enable-transparent-mode: 'true'
- dnsproxy-socket-linger-timeout: '10'
tofqdns-dns-reject-response-code: refused
tofqdns-enable-dns-compression: 'true'
tofqdns-endpoint-max-ip-per-hostname: '50'
tofqdns-idle-connection-grace-period: 0s
tofqdns-max-deferred-connection-deletes: '10000'
tofqdns-proxy-response-max-delay: 100ms
@@ -132,13 +123,9 @@
proxy-xff-num-trusted-hops-ingress: '0'
proxy-xff-num-trusted-hops-egress: '0'
proxy-connect-timeout: '2'
proxy-max-requests-per-connection: '0'
proxy-max-connection-duration-seconds: '0'
proxy-idle-timeout-seconds: '60'
- external-envoy-proxy: 'true'
- envoy-base-id: '0'
- envoy-keep-cap-netbindservice: 'false'
+ external-envoy-proxy: 'false'
max-connected-clusters: '255'
- clustermesh-enable-endpoint-sync: 'false'
- clustermesh-enable-mcs-api: 'false'
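Review bot: Setting `external-envoy-proxy: 'false'` puts the L7 proxy back inside the cilium-agent container, which the DaemonSet section of this diff shows running with `privileged: true` under an `Unconfined` AppArmor profile. `enable-l7-proxy: 'true'` is still set, so HTTP parsing of workload traffic would then run in that privileged process rather than in the separate cilium-envoy workload whose ServiceAccount and bootstrap ConfigMap this revert deletes. If the rollback is temporary, the PR description should say so and name the condition for returning to the standalone proxy. It is also worth checking whether the 1.15.6 chart's `envoy.enabled` value can keep the proxy in its own DaemonSet during the rollback.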
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-envoy-config
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-envoy-config
@@ -1,326 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cilium-envoy-config
- namespace: kube-system
-data:
- bootstrap-config.json: |
- {
- "node": {
- "id": "host~127.0.0.1~no-id~localdomain",
- "cluster": "ingress-cluster"
- },
- "staticResources": {
- "listeners": [
- {
- "name": "envoy-prometheus-metrics-listener",
- "address": {
- "socket_address": {
- "address": "0.0.0.0",
- "port_value": 9964
- }
- },
- "filter_chains": [
- {
- "filters": [
- {
- "name": "envoy.filters.network.http_connection_manager",
- "typed_config": {
- "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
- "stat_prefix": "envoy-prometheus-metrics-listener",
- "route_config": {
- "virtual_hosts": [
- {
- "name": "prometheus_metrics_route",
- "domains": [
- "*"
- ],
- "routes": [
- {
- "name": "prometheus_metrics_route",
- "match": {
- "prefix": "/metrics"
- },
- "route": {
- "cluster": "/envoy-admin",
- "prefix_rewrite": "/stats/prometheus"
- }
- }
- ]
- }
- ]
- },
- "http_filters": [
- {
- "name": "envoy.filters.http.router",
- "typed_config": {
- "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
- }
- }
- ],
- "stream_idle_timeout": "0s"
- }
- }
- ]
- }
- ]
- },
- {
- "name": "envoy-health-listener",
- "address": {
- "socket_address": {
- "address": "127.0.0.1",
- "port_value": 9878
- }
- },
- "filter_chains": [
- {
- "filters": [
- {
- "name": "envoy.filters.network.http_connection_manager",
- "typed_config": {
- "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
- "stat_prefix": "envoy-health-listener",
- "route_config": {
- "virtual_hosts": [
- {
- "name": "health",
- "domains": [
- "*"
- ],
- "routes": [
- {
- "name": "health",
- "match": {
- "prefix": "/healthz"
- },
- "route": {
- "cluster": "/envoy-admin",
- "prefix_rewrite": "/ready"
- }
- }
- ]
- }
- ]
- },
- "http_filters": [
- {
- "name": "envoy.filters.http.router",
- "typed_config": {
- "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
- }
- }
- ],
- "stream_idle_timeout": "0s"
- }
- }
- ]
- }
- ]
- }
- ],
- "clusters": [
- {
- "name": "ingress-cluster",
- "type": "ORIGINAL_DST",
- "connectTimeout": "2s",
- "lbPolicy": "CLUSTER_PROVIDED",
- "typedExtensionProtocolOptions": {
- "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
- "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
- "commonHttpProtocolOptions": {
- "idleTimeout": "60s",
- "maxConnectionDuration": "0s",
- "maxRequestsPerConnection": 0
- },
- "useDownstreamProtocolConfig": {}
- }
- },
- "cleanupInterval": "2.500s"
- },
- {
- "name": "egress-cluster-tls",
- "type": "ORIGINAL_DST",
- "connectTimeout": "2s",
- "lbPolicy": "CLUSTER_PROVIDED",
- "typedExtensionProtocolOptions": {
- "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
- "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
- "commonHttpProtocolOptions": {
- "idleTimeout": "60s",
- "maxConnectionDuration": "0s",
- "maxRequestsPerConnection": 0
- },
- "upstreamHttpProtocolOptions": {},
- "useDownstreamProtocolConfig": {}
- }
- },
- "cleanupInterval": "2.500s",
- "transportSocket": {
- "name": "cilium.tls_wrapper",
- "typedConfig": {
- "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
- }
- }
- },
- {
- "name": "egress-cluster",
- "type": "ORIGINAL_DST",
- "connectTimeout": "2s",
- "lbPolicy": "CLUSTER_PROVIDED",
- "typedExtensionProtocolOptions": {
- "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
- "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
- "commonHttpProtocolOptions": {
- "idleTimeout": "60s",
- "maxConnectionDuration": "0s",
- "maxRequestsPerConnection": 0
- },
- "useDownstreamProtocolConfig": {}
- }
- },
- "cleanupInterval": "2.500s"
- },
- {
- "name": "ingress-cluster-tls",
- "type": "ORIGINAL_DST",
- "connectTimeout": "2s",
- "lbPolicy": "CLUSTER_PROVIDED",
- "typedExtensionProtocolOptions": {
- "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
- "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
- "commonHttpProtocolOptions": {
- "idleTimeout": "60s",
- "maxConnectionDuration": "0s",
- "maxRequestsPerConnection": 0
- },
- "upstreamHttpProtocolOptions": {},
- "useDownstreamProtocolConfig": {}
- }
- },
- "cleanupInterval": "2.500s",
- "transportSocket": {
- "name": "cilium.tls_wrapper",
- "typedConfig": {
- "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
- }
- }
- },
- {
- "name": "xds-grpc-cilium",
- "type": "STATIC",
- "connectTimeout": "2s",
- "loadAssignment": {
- "clusterName": "xds-grpc-cilium",
- "endpoints": [
- {
- "lbEndpoints": [
- {
- "endpoint": {
- "address": {
- "pipe": {
- "path": "/var/run/cilium/envoy/sockets/xds.sock"
- }
- }
- }
- }
- ]
- }
- ]
- },
- "typedExtensionProtocolOptions": {
- "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
- "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
- "explicitHttpConfig": {
- "http2ProtocolOptions": {}
- }
- }
- }
- },
- {
- "name": "/envoy-admin",
- "type": "STATIC",
- "connectTimeout": "2s",
- "loadAssignment": {
- "clusterName": "/envoy-admin",
- "endpoints": [
- {
- "lbEndpoints": [
- {
- "endpoint": {
- "address": {
- "pipe": {
- "path": "/var/run/cilium/envoy/sockets/admin.sock"
- }
- }
- }
- }
- ]
- }
- ]
- }
- }
- ]
- },
- "dynamicResources": {
- "ldsConfig": {
- "apiConfigSource": {
- "apiType": "GRPC",
- "transportApiVersion": "V3",
- "grpcServices": [
- {
- "envoyGrpc": {
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-operator-dashboard
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-operator-dashboard
@@ -11,30 +11,17 @@
grafana_dashboard: '1'
annotations:
grafana_folder: Cilium
data:
cilium-operator-dashboard.json: |
{
- "__inputs": [
- {
- "name": "DS_PROMETHEUS",
- "label": "prometheus",
- "description": "",
- "type": "datasource",
- "pluginId": "prometheus",
- "pluginName": "Prometheus"
- }
- ],
"annotations": {
"list": [
{
"builtIn": 1,
- "datasource": {
- "type": "datasource",
- "uid": "grafana"
- },
+ "datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
@@ -50,16 +37,13 @@
"aliasColors": {
"avg": "#cffaff"
},
"bars": false,
"dashLength": 10,
"dashes": false,
- "datasource": {
- "type": "prometheus",
- "uid": "${DS_PROMETHEUS}"
- },
+ "datasource": "prometheus",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
@@ -179,16 +163,13 @@
"aliasColors": {
"MAX_resident_memory_bytes_max": "#e5ac0e"
},
"bars": false,
"dashLength": 10,
"dashes": false,
- "datasource": {
- "type": "prometheus",
- "uid": "${DS_PROMETHEUS}"
- },
+ "datasource": "prometheus",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
@@ -312,16 +293,13 @@
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
- "datasource": {
- "type": "prometheus",
- "uid": "${DS_PROMETHEUS}"
- },
+ "datasource": "prometheus",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
@@ -412,16 +390,13 @@
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
- "datasource": {
- "type": "prometheus",
- "uid": "${DS_PROMETHEUS}"
- },
+ "datasource": "prometheus",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
@@ -512,16 +487,13 @@
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
- "datasource": {
- "type": "prometheus",
- "uid": "${DS_PROMETHEUS}"
- },
+ "datasource": "prometheus",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
@@ -612,16 +584,13 @@
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
- "datasource": {
- "type": "prometheus",
- "uid": "${DS_PROMETHEUS}"
- },
+ "datasource": "prometheus",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
@@ -712,16 +681,13 @@
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
- "datasource": {
- "type": "prometheus",
- "uid": "${DS_PROMETHEUS}"
- },
+ "datasource": "prometheus",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
@@ -812,16 +778,13 @@
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
- "datasource": {
- "type": "prometheus",
- "uid": "${DS_PROMETHEUS}"
- },
+ "datasource": "prometheus",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
@@ -912,16 +875,13 @@
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
- "datasource": {
- "type": "prometheus",
- "uid": "${DS_PROMETHEUS}"
- },
+ "datasource": "prometheus",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-relay-config
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-relay-config
@@ -6,9 +6,9 @@
namespace: kube-system
data:
config.yaml: "cluster-name: home-cluster\npeer-service: \"hubble-peer.kube-system.svc.cluster.local:443\"\
\nlisten-address: :4245\ngops: true\ngops-port: \"9893\"\ndial-timeout: \nretry-timeout:\
\ \nsort-buffer-len-max: \nsort-buffer-drain-timeout: \ntls-hubble-client-cert-file:\
\ /var/lib/hubble-relay/tls/client.crt\ntls-hubble-client-key-file: /var/lib/hubble-relay/tls/client.key\n\
- tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt\n\n\
- disable-server-tls: true\n"
+ tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt\ndisable-server-tls:\
+ \ true\n"
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dashboard
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dashboard
@@ -9,1059 +9,3240 @@
app.kubernetes.io/name: hubble
app.kubernetes.io/part-of: cilium
grafana_dashboard: '1'
annotations:
grafana_folder: Cilium
data:
- hubble-dashboard.json: "{\n \"__inputs\": [\n { \n \"name\": \"DS_PROMETHEUS\"\
- ,\n \"label\": \"prometheus\",\n \"description\": \"\",\n \"type\"\
- : \"datasource\",\n \"pluginId\": \"prometheus\",\n \"pluginName\":\
- \ \"Prometheus\"\n }\n ],\n \"annotations\": {\n \"list\": [\n {\n\
- \ \"builtIn\": 1,\n \"datasource\": \"-- Grafana --\",\n \
- \ \"enable\": true,\n \"hide\": true,\n \"iconColor\": \"rgba(0,\
- \ 211, 255, 1)\",\n \"name\": \"Annotations & Alerts\",\n \"type\"\
- : \"dashboard\"\n }\n ]\n },\n \"editable\": true,\n \"gnetId\": null,\n\
- \ \"graphTooltip\": 0,\n \"id\": 3,\n \"links\": [],\n \"panels\": [\n \
- \ {\n \"collapsed\": false,\n \"gridPos\": {\n \"h\": 1,\n \
- \ \"w\": 24,\n \"x\": 0,\n \"y\": 0\n },\n \"id\"\
- : 14,\n \"panels\": [],\n \"title\": \"General Processing\",\n \
- \ \"type\": \"row\"\n },\n {\n \"aliasColors\": {},\n \"bars\"\
- : false,\n \"dashLength\": 10,\n \"dashes\": false,\n \"datasource\"\
- : {\n \"type\": \"prometheus\",\n \"uid\": \"${DS_PROMETHEUS}\"\n\
- \ },\n \"fill\": 1,\n \"gridPos\": {\n \"h\": 5,\n \
- \ \"w\": 12,\n \"x\": 0,\n \"y\": 1\n },\n \"id\": 12,\n\
- \ \"legend\": {\n \"avg\": false,\n \"current\": false,\n \
- \ \"max\": false,\n \"min\": false,\n \"show\": true,\n \
- \ \"total\": false,\n \"values\": false\n },\n \"lines\"\
- : true,\n \"linewidth\": 1,\n \"links\": [],\n \"nullPointMode\"\
- : \"null\",\n \"options\": {},\n \"percentage\": false,\n \"pointradius\"\
- : 2,\n \"points\": false,\n \"renderer\": \"flot\",\n \"seriesOverrides\"\
- : [\n {\n \"alias\": \"max\",\n \"fillBelowTo\": \"avg\"\
- ,\n \"lines\": false\n },\n {\n \"alias\": \"\
- avg\",\n \"fill\": 0,\n \"fillBelowTo\": \"min\"\n },\n\
- \ {\n \"alias\": \"min\",\n \"lines\": false\n \
- \ }\n ],\n \"spaceLength\": 10,\n \"stack\": false,\n \"\
- steppedLine\": false,\n \"targets\": [\n {\n \"expr\": \"\
- avg(sum(rate(hubble_flows_processed_total[1m])) by (pod))\",\n \"format\"\
- : \"time_series\",\n \"intervalFactor\": 1,\n \"legendFormat\"\
- : \"avg\",\n \"refId\": \"A\"\n },\n {\n \"expr\"\
- : \"min(sum(rate(hubble_flows_processed_total[1m])) by (pod))\",\n \"\
- format\": \"time_series\",\n \"intervalFactor\": 1,\n \"legendFormat\"\
- : \"min\",\n \"refId\": \"B\"\n },\n {\n \"expr\"\
- : \"max(sum(rate(hubble_flows_processed_total[1m])) by (pod))\",\n \"\
- format\": \"time_series\",\n \"intervalFactor\": 1,\n \"legendFormat\"\
- : \"max\",\n \"refId\": \"C\"\n }\n ],\n \"thresholds\"\
- : [],\n \"timeFrom\": null,\n \"timeRegions\": [],\n \"timeShift\"\
- : null,\n \"title\": \"Flows processed Per Node\",\n \"tooltip\": {\n\
- \ \"shared\": true,\n \"sort\": 1,\n \"value_type\": \"individual\"\
- \n },\n \"type\": \"graph\",\n \"xaxis\": {\n \"buckets\"\
- : null,\n \"mode\": \"time\",\n \"name\": null,\n \"show\"\
- : true,\n \"values\": []\n },\n \"yaxes\": [\n {\n \
- \ \"format\": \"ops\",\n \"label\": null,\n \"logBase\"\
- : 1,\n \"max\": null,\n \"min\": null,\n \"show\":\
- \ true\n },\n {\n \"format\": \"short\",\n \"\
- label\": null,\n \"logBase\": 1,\n \"max\": null,\n \
- \ \"min\": null,\n \"show\": true\n }\n ],\n \"yaxis\"\
- : {\n \"align\": false,\n \"alignLevel\": null\n }\n },\n\
- \ {\n \"aliasColors\": {},\n \"bars\": false,\n \"dashLength\"\
- : 10,\n \"dashes\": false,\n \"datasource\": {\n \"type\": \"\
- prometheus\",\n \"uid\": \"${DS_PROMETHEUS}\"\n },\n \"fill\"\
- : 1,\n \"gridPos\": {\n \"h\": 5,\n \"w\": 12,\n \"\
- x\": 12,\n \"y\": 1\n },\n \"id\": 32,\n \"legend\": {\n\
- \ \"avg\": false,\n \"current\": false,\n \"max\": false,\n\
- \ \"min\": false,\n \"show\": true,\n \"total\": false,\n\
- \ \"values\": false\n },\n \"lines\": true,\n \"linewidth\"\
- : 1,\n \"links\": [],\n \"nullPointMode\": \"null\",\n \"options\"\
- : {},\n \"percentage\": false,\n \"pointradius\": 2,\n \"points\"\
- : false,\n \"renderer\": \"flot\",\n \"seriesOverrides\": [],\n \
- \ \"spaceLength\": 10,\n \"stack\": true,\n \"steppedLine\": false,\n\
- \ \"targets\": [\n {\n \"expr\": \"sum(rate(hubble_flows_processed_total[1m]))\
- \ by (pod, type)\",\n \"format\": \"time_series\",\n \"intervalFactor\"\
- : 1,\n \"legendFormat\": \"{{type}}\",\n \"refId\": \"A\"\n\
- \ }\n ],\n \"thresholds\": [],\n \"timeFrom\": null,\n \
- \ \"timeRegions\": [],\n \"timeShift\": null,\n \"title\": \"Flows\
- \ Types\",\n \"tooltip\": {\n \"shared\": true,\n \"sort\"\
- : 2,\n \"value_type\": \"individual\"\n },\n \"type\": \"graph\"\
- ,\n \"xaxis\": {\n \"buckets\": null,\n \"mode\": \"time\"\
- ,\n \"name\": null,\n \"show\": true,\n \"values\": []\n\
- \ },\n \"yaxes\": [\n {\n \"format\": \"ops\",\n \
- \ \"label\": null,\n \"logBase\": 1,\n \"max\": null,\n\
- \ \"min\": null,\n \"show\": true\n },\n {\n \
- \ \"format\": \"short\",\n \"label\": null,\n \"logBase\"\
- : 1,\n \"max\": null,\n \"min\": null,\n \"show\":\
- \ true\n }\n ],\n \"yaxis\": {\n \"align\": false,\n \
- \ \"alignLevel\": null\n }\n },\n {\n \"aliasColors\": {},\n\
- \ \"bars\": false,\n \"dashLength\": 10,\n \"dashes\": false,\n\
- \ \"datasource\": {\n \"type\": \"prometheus\",\n \"uid\":\
- \ \"${DS_PROMETHEUS}\"\n },\n \"fill\": 1,\n \"gridPos\": {\n \
- \ \"h\": 5,\n \"w\": 12,\n \"x\": 0,\n \"y\": 6\n \
- \ },\n \"id\": 59,\n \"legend\": {\n \"avg\": false,\n \
- \ \"current\": false,\n \"max\": false,\n \"min\": false,\n\
- \ \"show\": true,\n \"total\": false,\n \"values\": false\n\
- \ },\n \"lines\": true,\n \"linewidth\": 1,\n \"links\": [],\n\
- \ \"nullPointMode\": \"null\",\n \"options\": {},\n \"percentage\"\
- : false,\n \"pointradius\": 2,\n \"points\": false,\n \"renderer\"\
- : \"flot\",\n \"seriesOverrides\": [],\n \"spaceLength\": 10,\n \
- \ \"stack\": true,\n \"steppedLine\": false,\n \"targets\": [\n \
- \ {\n \"expr\": \"sum(rate(hubble_flows_processed_total{type=\\\"\
- L7\\\"}[1m])) by (pod, subtype)\",\n \"format\": \"time_series\",\n \
- \ \"intervalFactor\": 1,\n \"legendFormat\": \"{{subtype}}\"\
- ,\n \"refId\": \"A\"\n }\n ],\n \"thresholds\": [],\n\
- \ \"timeFrom\": null,\n \"timeRegions\": [],\n \"timeShift\": null,\n\
- \ \"title\": \"L7 Flow Distribution\",\n \"tooltip\": {\n \"\
- shared\": true,\n \"sort\": 2,\n \"value_type\": \"individual\"\n\
- \ },\n \"type\": \"graph\",\n \"xaxis\": {\n \"buckets\"\
- : null,\n \"mode\": \"time\",\n \"name\": null,\n \"show\"\
- : true,\n \"values\": []\n },\n \"yaxes\": [\n {\n \
- \ \"format\": \"ops\",\n \"label\": null,\n \"logBase\"\
- : 1,\n \"max\": null,\n \"min\": null,\n \"show\":\
- \ true\n },\n {\n \"format\": \"short\",\n \"\
- label\": null,\n \"logBase\": 1,\n \"max\": null,\n \
- \ \"min\": null,\n \"show\": true\n }\n ],\n \"yaxis\"\
- : {\n \"align\": false,\n \"alignLevel\": null\n }\n },\n\
- \ {\n \"aliasColors\": {},\n \"bars\": false,\n \"dashLength\"\
- : 10,\n \"dashes\": false,\n \"datasource\": {\n \"type\": \"\
- prometheus\",\n \"uid\": \"${DS_PROMETHEUS}\"\n },\n \"fill\"\
- : 1,\n \"gridPos\": {\n \"h\": 5,\n \"w\": 12,\n \"\
- x\": 12,\n \"y\": 6\n },\n \"id\": 60,\n \"legend\": {\n\
- \ \"avg\": false,\n \"current\": false,\n \"max\": false,\n\
- \ \"min\": false,\n \"show\": true,\n \"total\": false,\n\
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dns-namespace
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dns-namespace
@@ -193,15 +193,15 @@
\ ],\n \"refresh\": \"\",\n \"revision\": 1,\n \"schemaVersion\": 38,\n\
\ \"style\": \"dark\",\n \"tags\": [\n \"kubecon-demo\"\n ],\n \
\ \"templating\": {\n \"list\": [\n {\n \"current\": {\n\
\ \"selected\": false,\n \"text\": \"default\",\n \
\ \"value\": \"default\"\n },\n \"hide\": 0,\n \
\ \"includeAll\": false,\n \"label\": \"Data Source\",\n \"\
- multi\": false,\n \"name\": \"DS_PROMETHEUS\",\n \"options\"\
- : [],\n \"query\": \"prometheus\",\n \"queryValue\": \"\",\n\
- \ \"refresh\": 1,\n \"regex\": \"(?!grafanacloud-usage|grafanacloud-ml-metrics).+\"\
+ multi\": false,\n \"name\": \"prometheus_datasource\",\n \"\
+ options\": [],\n \"query\": \"prometheus\",\n \"queryValue\"\
+ : \"\",\n \"refresh\": 1,\n \"regex\": \"(?!grafanacloud-usage|grafanacloud-ml-metrics).+\"\
,\n \"skipUrlSync\": false,\n \"type\": \"datasource\"\n \
\ },\n {\n \"current\": {},\n \"datasource\": {\n\
\ \"type\": \"prometheus\",\n \"uid\": \"${DS_PROMETHEUS}\"\
\n },\n \"definition\": \"label_values(cilium_version, cluster)\"\
,\n \"hide\": 0,\n \"includeAll\": true,\n \"multi\"\
: true,\n \"name\": \"cluster\",\n \"options\": [],\n \
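Review bot: The restored dashboard names its datasource variable `prometheus_datasource`, but the `cluster` variable in the unchanged context just below still uses `\"uid\": \"${DS_PROMETHEUS}\"`, which this templating entry no longer defines. The Hubble DNS panels may therefore fail to resolve a datasource after the rollback, leaving a gap in DNS visibility. The hubble-network-overview-namespace hunk has the same mismatch. Because the JSON is rendered from the chart, I would record in the PR that both dashboards need checking in Grafana after the downgrade. Only part of the templating list is inside the hunk, so a definition elsewhere in the file cannot be ruled out from here.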
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-l7-http-metrics-by-workload
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-l7-http-metrics-by-workload
@@ -11,22 +11,13 @@
grafana_dashboard: '1'
annotations:
grafana_folder: Cilium
data:
hubble-l7-http-metrics-by-workload.json: |
{
- "__inputs": [
- {
- "name": "DS_PROMETHEUS",
- "label": "prometheus",
- "description": "",
- "type": "datasource",
- "pluginId": "prometheus",
- "pluginName": "Prometheus"
- }
- ],
+ "__inputs": [],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-network-overview-namespace
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-network-overview-namespace
@@ -349,15 +349,15 @@
\ \"refresh\": \"\",\n \"revision\": 1,\n \"schemaVersion\": 38,\n \
\ \"style\": \"dark\",\n \"tags\": [\n \"kubecon-demo\"\n ],\n \
\ \"templating\": {\n \"list\": [\n {\n \"current\": {\n\
\ \"selected\": false,\n \"text\": \"default\",\n \
\ \"value\": \"default\"\n },\n \"hide\": 0,\n \
\ \"includeAll\": false,\n \"label\": \"Data Source\",\n \"\
- multi\": false,\n \"name\": \"DS_PROMETHEUS\",\n \"options\"\
- : [],\n \"query\": \"prometheus\",\n \"queryValue\": \"\",\n\
- \ \"refresh\": 1,\n \"regex\": \"(?!grafanacloud-usage|grafanacloud-ml-metrics).+\"\
+ multi\": false,\n \"name\": \"prometheus_datasource\",\n \"\
+ options\": [],\n \"query\": \"prometheus\",\n \"queryValue\"\
+ : \"\",\n \"refresh\": 1,\n \"regex\": \"(?!grafanacloud-usage|grafanacloud-ml-metrics).+\"\
,\n \"skipUrlSync\": false,\n \"type\": \"datasource\"\n \
\ },\n {\n \"current\": {},\n \"datasource\": {\n\
\ \"type\": \"prometheus\",\n \"uid\": \"${DS_PROMETHEUS}\"\
\n },\n \"definition\": \"label_values(cilium_version, cluster)\"\
,\n \"hide\": 0,\n \"includeAll\": true,\n \"multi\"\
: true,\n \"name\": \"cluster\",\n \"options\": [],\n \
--- HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium
+++ HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium
@@ -106,12 +106,14 @@
verbs:
- get
- update
- apiGroups:
- cilium.io
resources:
+ - ciliumnetworkpolicies/status
+ - ciliumclusterwidenetworkpolicies/status
- ciliumendpoints/status
- ciliumendpoints
- ciliuml2announcementpolicies/status
- ciliumbgpnodeconfigs/status
verbs:
- patch
--- HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium-operator
+++ HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium-operator
@@ -170,13 +170,12 @@
- ciliumpodippools.cilium.io
- apiGroups:
- cilium.io
resources:
- ciliumloadbalancerippools
- ciliumpodippools
- - ciliumbgppeeringpolicies
- ciliumbgpclusterconfigs
- ciliumbgpnodeconfigoverrides
verbs:
- get
- list
- watch
--- HelmRelease: kube-system/cilium Service: kube-system/cilium-agent
+++ HelmRelease: kube-system/cilium Service: kube-system/cilium-agent
@@ -15,7 +15,11 @@
k8s-app: cilium
ports:
- name: metrics
port: 9962
protocol: TCP
targetPort: prometheus
+ - name: envoy-metrics
+ port: 9964
+ protocol: TCP
+ targetPort: envoy-metrics
--- HelmRelease: kube-system/cilium Service: kube-system/hubble-relay
+++ HelmRelease: kube-system/cilium Service: kube-system/hubble-relay
@@ -12,8 +12,8 @@
type: ClusterIP
selector:
k8s-app: hubble-relay
ports:
- protocol: TCP
port: 80
- targetPort: grpc
+ targetPort: 4245
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium
+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium
@@ -16,24 +16,24 @@
rollingUpdate:
maxUnavailable: 2
type: RollingUpdate
template:
metadata:
annotations:
- cilium.io/cilium-configmap-checksum: 5f8c9149aa365ad843fe56dbdda40baac3b6d16dbea0fdf075d42d021c135399
+ cilium.io/cilium-configmap-checksum: fc26dd6f4eb6e7c545487c8d47f447a63f899b90a571fe2c8d5fa390f3a4ec5c
labels:
k8s-app: cilium
app.kubernetes.io/name: cilium-agent
app.kubernetes.io/part-of: cilium
spec:
securityContext:
appArmorProfile:
type: Unconfined
containers:
- name: cilium-agent
- image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+ image: quay.io/cilium/cilium:v1.15.6@sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def
imagePullPolicy: IfNotPresent
command:
- cilium-agent
args:
- --config-dir=/tmp/cilium/config-map
startupProbe:
@@ -133,23 +133,24 @@
hostPort: 4244
protocol: TCP
- name: prometheus
containerPort: 9962
hostPort: 9962
protocol: TCP
+ - name: envoy-metrics
+ containerPort: 9964
+ hostPort: 9964
+ protocol: TCP
- name: hubble-metrics
containerPort: 9965
hostPort: 9965
protocol: TCP
securityContext:
privileged: true
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- - name: envoy-sockets
- mountPath: /var/run/cilium/envoy/sockets
- readOnly: false
- name: bpf-maps
mountPath: /sys/fs/bpf
mountPropagation: Bidirectional
- name: cilium-run
mountPath: /var/run/cilium
- name: etc-cni-netd
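Review bot: The `envoy-metrics` port added here sits on the `cilium-agent` container, which runs with `privileged: true`, while the same revert deletes the separate `cilium-envoy` DaemonSet that ran with `drop: ALL` plus only `NET_ADMIN` and `SYS_ADMIN`. Together with the removed `envoy-sockets` mount, this suggests the L7 proxy, which parses application traffic, is back inside the fully privileged agent process, so a proxy compromise would no longer be contained by the narrower capability set. If the rollback is only meant to change the chart version, consider keeping the standalone proxy by setting `envoy.enabled: true` in the HelmRelease values (worth confirming against the 1.15 chart's values). The container spec starts and ends outside this hunk.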
@@ -166,13 +167,13 @@
mountPath: /var/lib/cilium/tls/hubble
readOnly: true
- name: tmp
mountPath: /tmp
initContainers:
- name: config
- image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+ image: quay.io/cilium/cilium:v1.15.6@sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def
imagePullPolicy: IfNotPresent
command:
- cilium-dbg
- build-config
env:
- name: K8S_NODE_NAME
@@ -191,13 +192,13 @@
value: '6443'
volumeMounts:
- name: tmp
mountPath: /tmp
terminationMessagePolicy: FallbackToLogsOnError
- name: mount-cgroup
- image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+ image: quay.io/cilium/cilium:v1.15.6@sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def
imagePullPolicy: IfNotPresent
env:
- name: CGROUP_ROOT
value: /run/cilium/cgroupv2
- name: BIN_PATH
value: /opt/cni/bin
@@ -214,13 +215,13 @@
- name: cni-path
mountPath: /hostbin
terminationMessagePolicy: FallbackToLogsOnError
securityContext:
privileged: true
- name: apply-sysctl-overwrites
- image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+ image: quay.io/cilium/cilium:v1.15.6@sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def
imagePullPolicy: IfNotPresent
env:
- name: BIN_PATH
value: /opt/cni/bin
command:
- sh
@@ -235,13 +236,13 @@
- name: cni-path
mountPath: /hostbin
terminationMessagePolicy: FallbackToLogsOnError
securityContext:
privileged: true
- name: clean-cilium-state
- image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+ image: quay.io/cilium/cilium:v1.15.6@sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def
imagePullPolicy: IfNotPresent
command:
- /init-container.sh
env:
- name: CILIUM_ALL_STATE
valueFrom:
@@ -274,13 +275,13 @@
- name: cilium-cgroup
mountPath: /run/cilium/cgroupv2
mountPropagation: HostToContainer
- name: cilium-run
mountPath: /var/run/cilium
- name: install-cni-binaries
- image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+ image: quay.io/cilium/cilium:v1.15.6@sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def
imagePullPolicy: IfNotPresent
command:
- /install-plugin.sh
resources:
requests:
cpu: 100m
@@ -293,12 +294,13 @@
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- name: cni-path
mountPath: /host/opt/cni/bin
restartPolicy: Always
priorityClassName: system-node-critical
+ serviceAccount: cilium
serviceAccountName: cilium
automountServiceAccountToken: true
terminationGracePeriodSeconds: 1
hostNetwork: true
affinity:
podAntiAffinity:
@@ -342,16 +344,12 @@
hostPath:
path: /lib/modules
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
- - name: envoy-sockets
- hostPath:
- path: /var/run/cilium/envoy/sockets
- type: DirectoryOrCreate
- name: clustermesh-secrets
projected:
defaultMode: 256
sources:
- secret:
name: cilium-clustermesh
@@ -363,22 +361,12 @@
- key: tls.key
path: common-etcd-client.key
- key: tls.crt
path: common-etcd-client.crt
- key: ca.crt
path: common-etcd-client-ca.crt
- - secret:
- name: clustermesh-apiserver-local-cert
- optional: true
- items:
- - key: tls.key
- path: local-etcd-client.key
- - key: tls.crt
- path: local-etcd-client.crt
- - key: ca.crt
- path: local-etcd-client-ca.crt
- name: hubble-tls
projected:
defaultMode: 256
sources:
- secret:
name: hubble-server-certs
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy
+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy
@@ -1,171 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: cilium-envoy
- namespace: kube-system
- labels:
- k8s-app: cilium-envoy
- app.kubernetes.io/part-of: cilium
- app.kubernetes.io/name: cilium-envoy
- name: cilium-envoy
-spec:
- selector:
- matchLabels:
- k8s-app: cilium-envoy
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 2
- type: RollingUpdate
- template:
- metadata:
- annotations:
- prometheus.io/port: '9964'
- prometheus.io/scrape: 'true'
- labels:
- k8s-app: cilium-envoy
- name: cilium-envoy
- app.kubernetes.io/name: cilium-envoy
- app.kubernetes.io/part-of: cilium
- spec:
- securityContext:
- appArmorProfile:
- type: Unconfined
- containers:
- - name: cilium-envoy
- image: quay.io/cilium/cilium-envoy:v1.29.7-39a2a56bbd5b3a591f69dbca51d3e30ef97e0e51@sha256:bd5ff8c66716080028f414ec1cb4f7dc66f40d2fb5a009fff187f4a9b90b566b
- imagePullPolicy: IfNotPresent
- command:
- - /usr/bin/cilium-envoy-starter
- args:
- - --
- - -c /var/run/cilium/envoy/bootstrap-config.json
- - --base-id 0
- - --log-level info
- - --log-format [%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v
- startupProbe:
- httpGet:
- host: 127.0.0.1
- path: /healthz
- port: 9878
- scheme: HTTP
- failureThreshold: 105
- periodSeconds: 2
- successThreshold: 1
- initialDelaySeconds: 5
- livenessProbe:
- httpGet:
- host: 127.0.0.1
- path: /healthz
- port: 9878
- scheme: HTTP
- periodSeconds: 30
- successThreshold: 1
- failureThreshold: 10
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- host: 127.0.0.1
- path: /healthz
- port: 9878
- scheme: HTTP
- periodSeconds: 30
- successThreshold: 1
- failureThreshold: 3
- timeoutSeconds: 5
- env:
- - name: K8S_NODE_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: spec.nodeName
- - name: CILIUM_K8S_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: KUBERNETES_SERVICE_HOST
- value: ${KUBE_VIP_ADDR}
- - name: KUBERNETES_SERVICE_PORT
- value: '6443'
- ports:
- - name: envoy-metrics
- containerPort: 9964
- hostPort: 9964
- protocol: TCP
- securityContext:
- seLinuxOptions:
- level: s0
- type: spc_t
- capabilities:
- add:
- - NET_ADMIN
- - SYS_ADMIN
- drop:
- - ALL
- terminationMessagePolicy: FallbackToLogsOnError
- volumeMounts:
- - name: envoy-sockets
- mountPath: /var/run/cilium/envoy/sockets
- readOnly: false
- - name: envoy-artifacts
- mountPath: /var/run/cilium/envoy/artifacts
- readOnly: true
- - name: envoy-config
- mountPath: /var/run/cilium/envoy/
- readOnly: true
- - name: bpf-maps
- mountPath: /sys/fs/bpf
- mountPropagation: HostToContainer
- restartPolicy: Always
- priorityClassName: system-node-critical
- serviceAccountName: cilium-envoy
- automountServiceAccountToken: true
- terminationGracePeriodSeconds: 1
- hostNetwork: true
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: cilium.io/no-schedule
- operator: NotIn
- values:
- - 'true'
- podAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- k8s-app: cilium
- topologyKey: kubernetes.io/hostname
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- k8s-app: cilium-envoy
- topologyKey: kubernetes.io/hostname
- nodeSelector:
- kubernetes.io/os: linux
- tolerations:
- - operator: Exists
- volumes:
- - name: envoy-sockets
- hostPath:
- path: /var/run/cilium/envoy/sockets
- type: DirectoryOrCreate
- - name: envoy-artifacts
- hostPath:
- path: /var/run/cilium/envoy/artifacts
- type: DirectoryOrCreate
- - name: envoy-config
- configMap:
- name: cilium-envoy-config
- defaultMode: 256
- items:
- - key: bootstrap-config.json
- path: bootstrap-config.json
- - name: bpf-maps
- hostPath:
- path: /sys/fs/bpf
- type: DirectoryOrCreate
-
--- HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator
+++ HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator
@@ -20,22 +20,22 @@
maxSurge: 25%
maxUnavailable: 100%
type: RollingUpdate
template:
metadata:
annotations:
- cilium.io/cilium-configmap-checksum: 5f8c9149aa365ad843fe56dbdda40baac3b6d16dbea0fdf075d42d021c135399
+ cilium.io/cilium-configmap-checksum: fc26dd6f4eb6e7c545487c8d47f447a63f899b90a571fe2c8d5fa390f3a4ec5c
labels:
io.cilium/app: operator
name: cilium-operator
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-operator
spec:
containers:
- name: cilium-operator
- image: quay.io/cilium/operator-generic:v1.16.0@sha256:d6621c11c4e4943bf2998af7febe05be5ed6fdcf812b27ad4388f47022190316
+ image: quay.io/cilium/operator-generic:v1.15.6@sha256:5789f0935eef96ad571e4f5565a8800d3a8fbb05265cf6909300cd82fd513c3d
imagePullPolicy: IfNotPresent
command:
- cilium-operator-generic
args:
- --config-dir=/tmp/cilium/config-map
- --debug=$(CILIUM_DEBUG)
@@ -89,12 +89,13 @@
mountPath: /tmp/cilium/config-map
readOnly: true
terminationMessagePolicy: FallbackToLogsOnError
hostNetwork: true
restartPolicy: Always
priorityClassName: system-cluster-critical
+ serviceAccount: cilium-operator
serviceAccountName: cilium-operator
automountServiceAccountToken: true
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
--- HelmRelease: kube-system/cilium Deployment: kube-system/hubble-relay
+++ HelmRelease: kube-system/cilium Deployment: kube-system/hubble-relay
@@ -17,13 +17,13 @@
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
annotations:
- cilium.io/hubble-relay-configmap-checksum: 69e30dec0c0be57e5f35be49d3b9dc513789c37c6c5976f288ad36a6cb24bfb7
+ cilium.io/hubble-relay-configmap-checksum: 2377e902b05fcb5eab2f040823d96bf083593a39234638f79da89f0a3ba15121
labels:
k8s-app: hubble-relay
app.kubernetes.io/name: hubble-relay
app.kubernetes.io/part-of: cilium
spec:
securityContext:
@@ -34,13 +34,13 @@
capabilities:
drop:
- ALL
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
- image: quay.io/cilium/hubble-relay:v1.16.0@sha256:33fca7776fc3d7b2abe08873319353806dc1c5e07e12011d7da4da05f836ce8d
+ image: quay.io/cilium/hubble-relay:v1.15.6@sha256:a0863dd70d081b273b87b9b7ce7e2d3f99171c2f5e202cd57bc6691e51283e0c
imagePullPolicy: IfNotPresent
command:
- hubble-relay
args:
- serve
ports:
@@ -50,32 +50,30 @@
grpc:
port: 4222
timeoutSeconds: 3
livenessProbe:
grpc:
port: 4222
- timeoutSeconds: 10
- initialDelaySeconds: 10
- periodSeconds: 10
- failureThreshold: 12
+ timeoutSeconds: 3
startupProbe:
grpc:
port: 4222
- initialDelaySeconds: 10
+ timeoutSeconds: 3
failureThreshold: 20
periodSeconds: 3
volumeMounts:
- name: config
mountPath: /etc/hubble-relay
readOnly: true
- name: tls
mountPath: /var/lib/hubble-relay/tls
readOnly: true
terminationMessagePolicy: FallbackToLogsOnError
restartPolicy: Always
priorityClassName: null
+ serviceAccount: hubble-relay
serviceAccountName: hubble-relay
automountServiceAccountToken: false
terminationGracePeriodSeconds: 1
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
--- HelmRelease: kube-system/cilium Deployment: kube-system/hubble-ui
+++ HelmRelease: kube-system/cilium Deployment: kube-system/hubble-ui
@@ -28,17 +28,18 @@
spec:
securityContext:
fsGroup: 1001
runAsGroup: 1001
runAsUser: 1001
priorityClassName: null
+ serviceAccount: hubble-ui
serviceAccountName: hubble-ui
automountServiceAccountToken: true
containers:
- name: frontend
- image: quay.io/cilium/hubble-ui:v0.13.1@sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6
+ image: quay.io/cilium/hubble-ui:v0.13.0@sha256:7d663dc16538dd6e29061abd1047013a645e6e69c115e008bee9ea9fef9a6666
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8081
livenessProbe:
httpGet:
@@ -53,13 +54,13 @@
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx.conf
- name: tmp-dir
mountPath: /tmp
terminationMessagePolicy: FallbackToLogsOnError
- name: backend
- image: quay.io/cilium/hubble-ui-backend:v0.13.1@sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b
+ image: quay.io/cilium/hubble-ui-backend:v0.13.0@sha256:1e7657d997c5a48253bb8dc91ecee75b63018d16ff5e5797e5af367336bc8803
imagePullPolicy: IfNotPresent
env:
- name: EVENTS_SERVER_PORT
value: '8090'
- name: FLOWS_API_ADDR
value: hubble-relay:80
--- HelmRelease: kube-system/cilium ServiceMonitor: kube-system/hubble
+++ HelmRelease: kube-system/cilium ServiceMonitor: kube-system/hubble
@@ -15,13 +15,12 @@
- kube-system
endpoints:
- port: hubble-metrics
interval: 10s
honorLabels: true
path: /metrics
- scheme: http
relabelings:
- replacement: ${1}
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
Reverts #480