From 8afd74ce1fcbf56f6d2c43b5ab6b87e4c0e5d9d2 Mon Sep 17 00:00:00 2001
From: Toru Komatsu <k0ma@utam0k.jp>
Date: Fri, 24 Mar 2023 17:10:31 +0900
Subject: [PATCH] cilium: Fix the configuration of tls for hubble (#9880)

Signed-off-by: utam0k <k0ma@utam0k.jp>
---
 .../network_plugin/cilium/templates/hubble/config.yml.j2 | 3 +++
 .../network_plugin/cilium/templates/hubble/deploy.yml.j2 | 9 +++++++++
 2 files changed, 12 insertions(+)

diff --git a/roles/network_plugin/cilium/templates/hubble/config.yml.j2 b/roles/network_plugin/cilium/templates/hubble/config.yml.j2
index 837f0c5b9..c045b4386 100644
--- a/roles/network_plugin/cilium/templates/hubble/config.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/config.yml.j2
@@ -1,3 +1,4 @@
+#jinja2: trim_blocks:False
 ---
 # Source: cilium helm chart: cilium/templates/hubble-relay/configmap.yaml
 apiVersion: v1
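Review bot: The `#jinja2: trim_blocks:False` override on the first line is undocumented and changes whitespace handling for the whole template, not only for the two `disable-*-tls` lines that appear to need it. Those lines end in an `endif` tag, so presumably the default trimming was swallowing their newline; a comment below the header (which has to stay on line 1), such as `# trim_blocks is off so the inline if/endif values under data keep their line breaks`, would stop the next editor from removing it. A narrower alternative is to render the value with an expression, e.g. `disable-server-tls: {{ 'false' if cilium_hubble_tls_generate else 'true' }}`, which does not depend on trim settings. Since these two keys decide whether Relay uses TLS at all, the rendered ConfigMap should be checked in both states of the variable.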
@@ -16,6 +17,8 @@ data:
     sort-buffer-drain-timeout: 
     tls-client-cert-file: /var/lib/hubble-relay/tls/client.crt
     tls-client-key-file: /var/lib/hubble-relay/tls/client.key
+    tls-server-cert-file: /var/lib/hubble-relay/tls/server.crt
+    tls-server-key-file: /var/lib/hubble-relay/tls/server.key
     tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt
     disable-server-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
     disable-client-tls: {% if cilium_hubble_tls_generate %}false{% else %}true{% endif %}
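Review bot: The two added `tls-server-*` paths do not say which certificate is expected at `server.crt`, and they are written unconditionally while `disable-server-tls` just below depends on `cilium_hubble_tls_generate`. The deploy.yml.j2 change in this commit fills those paths from the `hubble-server-certs` secret, which by its name looks like the certificate of the Hubble server on the agents rather than one issued for Relay. If so, clients of Relay will only validate it when its SANs cover the Relay service name, and the Relay pod gains a copy of the agents' private key. Please confirm this is intended or use a Relay-specific server certificate (the upstream chart has a separate `hubble-relay-server-certs` secret), and add a comment above the two keys naming the backing secret. With `cilium_hubble_tls_generate` false both switches render `true`, so Relay runs in plaintext; that fallback predates this hunk (the `data:` block starts outside it) but deserves a comment too.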
diff --git a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
index 9f4b106af..96d605310 100644
--- a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
@@ -79,12 +79,21 @@ spec:
           - secret:
               name: hubble-relay-client-certs
               items:
+                - key: ca.crt
+                  path: hubble-server-ca.crt
                 - key: tls.crt
                   path: client.crt
                 - key: tls.key
                   path: client.key
                 - key: ca.crt
                   path: hubble-server-ca.crt
+          - secret:
+              name: hubble-server-certs
+              items:
+                - key: tls.crt
+                  path: server.crt
+                - key: tls.key
+                  path: server.key
         name: tls
 ---
 # Source: cilium/templates/hubble-ui/deployment.yaml
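Review bot: The added `- key: ca.crt` / `path: hubble-server-ca.crt` item at the top of the `hubble-relay-client-certs` list duplicates the identical item still present at the end of that list, so the same key is projected to the same path twice; one of the two should be dropped. The new `hubble-server-certs` source also mounts `tls.key` into the Relay pod with no `optional: true` and no condition visible in the hunk. When `cilium_hubble_tls_generate` is false and that secret is absent, the pod would presumably stay in ContainerCreating; the existing client secret has the same shape, so this may already be handled above the hunk, where the volume definition starts. The projected volume's `defaultMode` is not visible here either, so it is worth confirming the key files are not readable by other users in the container.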
-- 
GitLab