gitea-bot
41664cb970
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: #3731 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
65 lines
2.0 KiB
YAML
65 lines
2.0 KiB
YAML
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: hubble-generate-certs-e8c5d08cb8
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: hubble-generate-certs
|
|
app.kubernetes.io/name: hubble-generate-certs
|
|
app.kubernetes.io/part-of: cilium
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
k8s-app: hubble-generate-certs
|
|
spec:
|
|
securityContext:
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
containers:
|
|
- name: certgen
|
|
image: "quay.io/cilium/certgen:v0.3.2@sha256:19921f48ee7e2295ea4dca955878a6cd8d70e6d4219d08f688e866ece9d95d4d"
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
allowPrivilegeEscalation: false
|
|
command:
|
|
- "/usr/bin/cilium-certgen"
|
|
args:
|
|
- "--ca-generate=true"
|
|
- "--ca-reuse-secret"
|
|
- "--ca-secret-namespace=kube-system"
|
|
- "--ca-secret-name=cilium-ca"
|
|
- "--ca-common-name=Cilium CA"
|
|
env:
|
|
- name: CILIUM_CERTGEN_CONFIG
|
|
value: |
|
|
certs:
|
|
- name: hubble-server-certs
|
|
namespace: kube-system
|
|
commonName: "*.default.hubble-grpc.cilium.io"
|
|
hosts:
|
|
- "*.default.hubble-grpc.cilium.io"
|
|
usage:
|
|
- signing
|
|
- key encipherment
|
|
- server auth
|
|
- client auth
|
|
validity: 8760h
|
|
- name: hubble-relay-client-certs
|
|
namespace: kube-system
|
|
commonName: "*.hubble-relay.cilium.io"
|
|
hosts:
|
|
- "*.hubble-relay.cilium.io"
|
|
usage:
|
|
- signing
|
|
- key encipherment
|
|
- client auth
|
|
validity: 8760h
|
|
hostNetwork: false
|
|
serviceAccountName: "hubble-generate-certs"
|
|
automountServiceAccountToken: true
|
|
restartPolicy: OnFailure
|