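---
# Job that runs cilium-certgen as a Helm post-install/post-upgrade hook to
# create the Hubble TLS material (server and relay client certificates) as
# Secrets in kube-system, signed by the "cilium-ca" CA secret.
apiVersion: batch/v1
kind: Job
metadata:
  name: hubble-generate-certs
  namespace: kube-system
  labels:
    k8s-app: hubble-generate-certs
    app.kubernetes.io/name: hubble-generate-certs
    app.kubernetes.io/part-of: cilium
  annotations:
    # Runs only on install and upgrade; nothing in this manifest re-runs it
    # on a schedule.
    "helm.sh/hook": post-install,post-upgrade
spec:
  template:
    metadata:
      labels:
        k8s-app: hubble-generate-certs
    spec:
      # Pod-level seccomp: use the container runtime's default syscall filter.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: certgen
          # Pinned by tag and sha256 digest, so the pulled content cannot
          # change under the same tag; IfNotPresent is safe with a digest pin.
          image: "quay.io/cilium/certgen:v0.2.4@sha256:de7b97b1d19a34b674d0c4bc1da4db999f04ae355923a9a994ac3a81e1a1b5ff"
          imagePullPolicy: IfNotPresent
          # All Linux capabilities dropped and privilege escalation disabled.
          # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are not set
          # here; confirm the image supports them before adding.
          securityContext:
            capabilities:
              drop:
                - ALL
            allowPrivilegeEscalation: false
          command:
            - "/usr/bin/cilium-certgen"
          # CA handling: generate a CA, but reuse the existing secret
          # kube-system/cilium-ca when present (per --ca-reuse-secret), so an
          # upgrade presumably does not replace the trust root - verify.
          args:
            - "--ca-generate=true"
            - "--ca-reuse-secret"
            - "--ca-secret-namespace=kube-system"
            - "--ca-secret-name=cilium-ca"
            - "--ca-common-name=Cilium CA"
          env:
            # Certificate requests handed to certgen as one literal YAML
            # string. Both entries use wildcard names and validity 8760h
            # (365 days); hubble-server-certs is valid for server and client
            # auth, hubble-relay-client-certs for client auth only.
            # NOTE(review): this Job runs only on Helm hooks, so renewal before
            # expiry depends on an upgrade or a separate rotation mechanism not
            # shown here - confirm one exists.
            - name: CILIUM_CERTGEN_CONFIG
              value: |
                certs:
                - name: hubble-server-certs
                  namespace: kube-system
                  commonName: "*.default.hubble-grpc.cilium.io"
                  hosts:
                  - "*.default.hubble-grpc.cilium.io"
                  usage:
                  - signing
                  - key encipherment
                  - server auth
                  - client auth
                  validity: 8760h
                - name: hubble-relay-client-certs
                  namespace: kube-system
                  commonName: "*.hubble-relay.cilium.io"
                  hosts:
                  - "*.hubble-relay.cilium.io"
                  usage:
                  - signing
                  - key encipherment
                  - client auth
                  validity: 8760h
      hostNetwork: false
      # serviceAccount is the deprecated alias of serviceAccountName; both are
      # kept as the original manifest sets them.
      serviceAccount: "hubble-generate-certs"
      serviceAccountName: "hubble-generate-certs"
      # The API token is mounted into the pod; presumably certgen needs it to
      # read and write Secrets. The RBAC bound to this service account is not
      # shown here - verify it is limited to the Secrets this Job manages.
      automountServiceAccountToken: true
      restartPolicy: OnFailure
      # No scheduling constraints; written as an explicit null instead of a
      # bare empty value.
      affinity: null
  # The finished Job is removed after 1800 seconds (30 minutes).
  ttlSecondsAfterFinished: 1800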