From 6b499186b08180accf92e2b357ff1fd9491c6ce6 Mon Sep 17 00:00:00 2001
From: peterw <12556909+pedro-peter@users.noreply.github.com>
Date: Tue, 1 Oct 2024 06:53:49 +0100
Subject: [PATCH] add cilium hubble-ui enable flag (#10939)

---
 inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml  | 3 +++
 roles/network_plugin/cilium/defaults/main.yml               | 2 ++
 roles/network_plugin/cilium/templates/hubble/cr.yml.j2      | 2 ++
 roles/network_plugin/cilium/templates/hubble/crb.yml.j2     | 2 ++
 roles/network_plugin/cilium/templates/hubble/deploy.yml.j2  | 2 ++
 roles/network_plugin/cilium/templates/hubble/sa.yml.j2      | 2 ++
 roles/network_plugin/cilium/templates/hubble/service.yml.j2 | 2 ++
 7 files changed, 15 insertions(+)

diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
index da56c46e3..18fc65f97 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
@@ -152,6 +152,9 @@ cilium_l2announcements: false
 # Hubble
 ### Enable Hubble without install
 # cilium_enable_hubble: false
+### Enable Hubble-ui
+### Installed by default when hubble is enabled. To disable set to false
+# cilium_enable_hubble_ui: "{{ cilium_enable_hubble }}
 ### Enable Hubble Metrics
 # cilium_enable_hubble_metrics: false
 ### if cilium_enable_hubble_metrics: true
diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
index fae0ceeae..c55bdddcf 100644
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -144,6 +144,8 @@ cilium_ip_masq_resync_interval: 60s
 # Hubble
 ### Enable Hubble without install
 cilium_enable_hubble: false
+### Enable Hubble-ui
+cilium_enable_hubble_ui: "{{ cilium_enable_hubble }}"
 ### Enable Hubble Metrics
 cilium_enable_hubble_metrics: false
 ### if cilium_enable_hubble_metrics: true
diff --git a/roles/network_plugin/cilium/templates/hubble/cr.yml.j2 b/roles/network_plugin/cilium/templates/hubble/cr.yml.j2
index 4a95565d2..ee974b5e3 100644
--- a/roles/network_plugin/cilium/templates/hubble/cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/cr.yml.j2
@@ -60,6 +60,7 @@ rules:
       - get
       - list
       - watch
+{% if cilium_enable_hubble_ui %}
 ---
 # Source: cilium/templates/hubble-ui-clusterrole.yaml
 kind: ClusterRole
@@ -104,3 +105,4 @@ rules:
       - get
       - list
       - watch
+{% endif %}
diff --git a/roles/network_plugin/cilium/templates/hubble/crb.yml.j2 b/roles/network_plugin/cilium/templates/hubble/crb.yml.j2
index f033429ce..e5b8976e8 100644
--- a/roles/network_plugin/cilium/templates/hubble/crb.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/crb.yml.j2
@@ -28,6 +28,7 @@ subjects:
 - kind: ServiceAccount
   namespace: kube-system
   name: hubble-relay
+{% if cilium_enable_hubble_ui %}
 ---
 # Source: cilium/templates/hubble-ui-clusterrolebinding.yaml
 kind: ClusterRoleBinding
@@ -42,3 +43,4 @@ subjects:
 - kind: ServiceAccount
   namespace: kube-system
   name: hubble-ui
+{% endif %}
diff --git a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
index f0153d64d..fbd3b2fa8 100644
--- a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
@@ -104,6 +104,7 @@ spec:
         name: tls
       {%- endif %}
 
+{% if cilium_enable_hubble_ui %}
 ---
 # Source: cilium/templates/hubble-ui/deployment.yaml
 kind: Deployment
@@ -195,3 +196,4 @@ spec:
           name: tls
         - emptyDir: {}
           name: tmp-dir
+{% endif %}
diff --git a/roles/network_plugin/cilium/templates/hubble/sa.yml.j2 b/roles/network_plugin/cilium/templates/hubble/sa.yml.j2
index 9b3203dbd..46de08179 100644
--- a/roles/network_plugin/cilium/templates/hubble/sa.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/sa.yml.j2
@@ -14,6 +14,7 @@ kind: ServiceAccount
 metadata:
   name: hubble-relay
   namespace: kube-system
+{% if cilium_enable_hubble_ui %}
 ---
 # Source: cilium/templates/hubble-ui-serviceaccount.yaml
 apiVersion: v1
@@ -21,3 +22,4 @@ kind: ServiceAccount
 metadata:
   name: hubble-ui
   namespace: kube-system
+{% endif %}
diff --git a/roles/network_plugin/cilium/templates/hubble/service.yml.j2 b/roles/network_plugin/cilium/templates/hubble/service.yml.j2
index 48e90b825..982487cb0 100644
--- a/roles/network_plugin/cilium/templates/hubble/service.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/service.yml.j2
@@ -68,6 +68,7 @@ spec:
     {% endif -%}
     targetPort: 4245
 ---
+{% if cilium_enable_hubble_ui %}
 # Source: cilium/templates/hubble-ui-service.yaml
 kind: Service
 apiVersion: v1
@@ -85,6 +86,7 @@ spec:
       targetPort: 8081
   type: ClusterIP
 ---
+{% endif %}
 # Source: cilium/templates/hubble/peer-service.yaml
 apiVersion: v1
 kind: Service
-- 
GitLab