alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

chore: Update manifests after change

Browse Source
This commit is contained in:
gitea-bot
2025-12-04 04:54:08 +00:00
parent dad1b4623c
commit bfe0e18539
2066 changed files with 378996 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
clusters/cl01tl/manifests/cilium/Deployment-hubble-relay.yml Normal file
View File

@@ -0,0 +1,128 @@
---
# Source: cilium/charts/cilium/templates/hubble-relay/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: hubble-relay
namespace: kube-system
labels:
k8s-app: hubble-relay
app.kubernetes.io/name: hubble-relay
app.kubernetes.io/part-of: cilium
spec:
replicas: 1
selector:
matchLabels:
k8s-app: hubble-relay
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
annotations:
labels:
k8s-app: hubble-relay
app.kubernetes.io/name: hubble-relay
app.kubernetes.io/part-of: cilium
spec:
securityContext:
fsGroup: 65532
seccompProfile:
type: RuntimeDefault
containers:
- name: hubble-relay
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
image: "quay.io/cilium/hubble-relay:v1.18.4@sha256:6d350cb1c84b847adb152173debef1f774126c69de21a5921a1e6a23b8779723"
imagePullPolicy: IfNotPresent
command:
- hubble-relay
args:
- serve
ports:
- name: grpc
containerPort: 4245
readinessProbe:
grpc:
port: 4222
timeoutSeconds: 3
# livenessProbe will kill the pod, we should be very conservative
# here on failures since killing the pod should be a last resort, and
# we should provide enough time for relay to retry before killing it.
livenessProbe:
grpc:
port: 4222
timeoutSeconds: 10
# Give relay time to establish connections and make a few retries
# before starting livenessProbes.
initialDelaySeconds: 10
# 10 second * 12 failures = 2 minutes of failure.
# If relay cannot become healthy after 2 minutes, then killing it
# might resolve whatever issue is occurring.
#
# 10 seconds is a reasonable retry period so we can see if it's
# failing regularly or only sporadically.
periodSeconds: 10
failureThreshold: 12
startupProbe:
grpc:
port: 4222
# Give relay time to get it's certs and establish connections and
# make a few retries before starting startupProbes.
initialDelaySeconds: 10
# 20 * 3 seconds = 1 minute of failure before we consider startup as failed.
failureThreshold: 20
# Retry more frequently at startup so that it can be considered started more quickly.
periodSeconds: 3
volumeMounts:
- name: config
mountPath: /etc/hubble-relay
readOnly: true
- name: tls
mountPath: /var/lib/hubble-relay/tls
readOnly: true
terminationMessagePolicy: FallbackToLogsOnError
restartPolicy: Always
priorityClassName:
serviceAccountName: "hubble-relay"
automountServiceAccountToken: false
terminationGracePeriodSeconds: 1
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
k8s-app: cilium
topologyKey: kubernetes.io/hostname
nodeSelector:
kubernetes.io/os: linux
volumes:
- name: config
configMap:
name: hubble-relay-config
items:
- key: config.yaml
path: config.yaml
- name: tls
projected:
# note: the leading zero means this number is in octal representation: do not remove it
defaultMode: 0400
sources:
- secret:
name: hubble-relay-client-certs
items:
- key: tls.crt
path: client.crt
- key: tls.key
path: client.key
- key: ca.crt
path: hubble-server-ca.crt