cli: adapt helm chart cleanup of deprecated hubble values

Deprecated Cilium Helm Chart values have been removed in the PR cilium/cilium#24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter <[email protected]>
cilium · Apr 20, 2023 · 19866a4 · 19866a4
1 parent 9132943
commit 19866a4
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/hubble/hubble.go b/hubble/hubble.go
@@ -515,8 +515,16 @@ func (k *K8sHubble) generateManifestsEnable(ctx context.Context, printHelmTempla
 		}
 
 		helmMapOpts["hubble.enabled"] = "true"
-		helmMapOpts["hubble.tls.ca.cert"] = certs.EncodeCertBytes(k.certManager.CACertBytes())
-		helmMapOpts["hubble.tls.ca.key"] = certs.EncodeCertBytes(k.certManager.CAKeyBytes())
+
+		switch {
+		// hubble.tls.* properties have been deprecated in Cilium 1.12.x
+		case versioncheck.MustCompile("<1.12.0")(ciliumVer):
+			helmMapOpts["hubble.tls.ca.cert"] = certs.EncodeCertBytes(k.certManager.CACertBytes())
+			helmMapOpts["hubble.tls.ca.key"] = certs.EncodeCertBytes(k.certManager.CAKeyBytes())
+		default:
+			helmMapOpts["tls.ca.cert"] = certs.EncodeCertBytes(k.certManager.CACertBytes())
+			helmMapOpts["tls.ca.key"] = certs.EncodeCertBytes(k.certManager.CAKeyBytes())
+		}
 
 		if k.params.UI {
 			helmMapOpts["hubble.ui.enabled"] = "true"