From 19866a48a4a0c75716376cec428595dee8cfea67 Mon Sep 17 00:00:00 2001 From: Marco Hofstetter Date: Wed, 19 Apr 2023 19:13:17 +0200 Subject: [PATCH] cli: adapt helm chart cleanup of deprecated hubble values Deprecated Cilium Helm Chart values have been removed in the PR https://github.com/cilium/cilium/pull/24214. Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble enable`) will break the connectivity from the hubble relay to the peer service (`Failed to create peer client for peers synchronization...`). This will consequently also fail the connectivity tests with the following error: `Timeout waiting for flow listener to become ready`. We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable` to use the same CA cert. Signed-off-by: Marco Hofstetter --- hubble/hubble.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/hubble/hubble.go b/hubble/hubble.go index 7e5011d3cb..7ed9cfd6ae 100644 --- a/hubble/hubble.go +++ b/hubble/hubble.go @@ -515,8 +515,16 @@ func (k *K8sHubble) generateManifestsEnable(ctx context.Context, printHelmTempla } helmMapOpts["hubble.enabled"] = "true" - helmMapOpts["hubble.tls.ca.cert"] = certs.EncodeCertBytes(k.certManager.CACertBytes()) - helmMapOpts["hubble.tls.ca.key"] = certs.EncodeCertBytes(k.certManager.CAKeyBytes()) + + switch { + // hubble.tls.* properties have been deprecated in Cilium 1.12.x + case versioncheck.MustCompile("<1.12.0")(ciliumVer): + helmMapOpts["hubble.tls.ca.cert"] = certs.EncodeCertBytes(k.certManager.CACertBytes()) + helmMapOpts["hubble.tls.ca.key"] = certs.EncodeCertBytes(k.certManager.CAKeyBytes()) + default: + helmMapOpts["tls.ca.cert"] = certs.EncodeCertBytes(k.certManager.CACertBytes()) + helmMapOpts["tls.ca.key"] = certs.EncodeCertBytes(k.certManager.CAKeyBytes()) + } if k.params.UI { helmMapOpts["hubble.ui.enabled"] = "true"