Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: adapt helm chart cleanup of deprecated hubble values #1520

Merged
merged 1 commit into from
Apr 20, 2023
Merged

cli: adapt helm chart cleanup of deprecated hubble values #1520

merged 1 commit into from
Apr 20, 2023

Conversation

mhofstetter
Copy link
Member

@mhofstetter mhofstetter commented Apr 19, 2023
edited

Deprecated Cilium Helm Chart values have been removed in the PR cilium/cilium#24214 - this change specifically.

Installing Cilium (cilium install --chart-directory install/kubernetes/cilium) & enabling hubble (cilium hubble enable --chart-directory install/kubernetes/cilium) will break the connectivity from the hubble relay to the peer service (Failed to create peer client for peers synchronization...).

This will consequently also fail the connectivity tests with the following error: Timeout waiting for flow listener to become ready.

We need to set tls.ca.cert & tls.ca.key during cilium hubble enable to use the same CA cert.

Occurred in the CIlium Integration Tests of Cilium Proxy where latest Cilium CLI gets used in combination with latest Cilium version: https://github.com/cilium/proxy/actions/runs/4742847574/jobs/8421623603

@mhofstetter mhofstetter temporarily deployed to ci April 19, 2023 17:44 — with GitHub Actions Inactive
@mhofstetter mhofstetter force-pushed the pr/mhofstetter/fix-hubble-peer-tls branch from fede25c to d3fe1c3 Compare April 19, 2023 18:07
@mhofstetter mhofstetter temporarily deployed to ci April 19, 2023 18:07 — with GitHub Actions Inactive
@mhofstetter mhofstetter marked this pull request as ready for review April 19, 2023 18:58
@mhofstetter mhofstetter requested a review from a team as a code owner April 19, 2023 18:58
@mhofstetter mhofstetter requested a review from kaworu April 19, 2023 18:58
@mhofstetter mhofstetter mentioned this pull request Apr 20, 2023
Merged
@mhofstetter
cli: adapt helm chart cleanup of deprecated hubble values
19866a4 
Deprecated Cilium Helm Chart values have been removed in the PR
cilium/cilium#24214.

Installing Cilium (`cilium install`) & enabling hubble (`cilium hubble
enable`) will break the connectivity from the hubble relay to the peer
service (`Failed to create peer client for peers synchronization...`).

This will consequently also fail the connectivity tests with the following
error: `Timeout waiting for flow listener to become ready`.

We need to set `tls.ca.cert` & `tls.ca.key` during `cilium hubble enable`
to use the same CA cert.

Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
@mhofstetter mhofstetter force-pushed the pr/mhofstetter/fix-hubble-peer-tls branch from d3fe1c3 to 19866a4 Compare April 20, 2023 13:34
@mhofstetter mhofstetter temporarily deployed to ci April 20, 2023 13:34 — with GitHub Actions Inactive
kaworu
kaworu approved these changes Apr 20, 2023
View reviewed changes
Copy link
Member

@kaworu kaworu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mhofstetter patch LGTM!

@tklauser tklauser merged commit 3405604 into cilium:main Apr 20, 2023
12 checks passed
@mhofstetter mhofstetter deleted the pr/mhofstetter/fix-hubble-peer-tls branch April 20, 2023 14:34
@ZhongRuoyu ZhongRuoyu mentioned this pull request Apr 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaworu kaworu kaworu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mhofstetter @kaworu @tklauser