mirror of
https://github.com/bitnami/charts.git
synced 2026-02-10 20:27:38 +08:00
[bitnami/cilium] Add init-container on UI to wait for Hubble Relay (#29207)
This commit is contained in:
Juan Ariza Toledano
committed by
GitHub
GitHub
parent
2b42eb7ab7
commit
e007f6948d
@@ -1,8 +1,12 @@
|
||||
# Changelog
|
||||
|
||||
## 1.2.0 (2024-09-05)
|
||||
|
||||
* [bitnami/cilium] Add init-container on UI to wait for Hubble Relay ([#29207](https://github.com/bitnami/charts/pull/29207))
|
||||
|
||||
## 1.1.0 (2024-09-04)
|
||||
|
||||
* [bitnami/cilium] Add init-container on Relay to wait for Hubble Peers ([#29191](https://github.com/bitnami/charts/pull/29191))
|
||||
* [bitnami/cilium] Add init-container on Relay to wait for Hubble Peers (#29191) ([02cdc02](https://github.com/bitnami/charts/commit/02cdc02d2b6e121ecd4caf558aa1bb17791cd90e)), closes [#29191](https://github.com/bitnami/charts/issues/29191)
|
||||
|
||||
## <small>1.0.20 (2024-08-29)</small>
|
||||
|
||||
|
||||
@@ -52,4 +52,4 @@ sources:
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/hubble-relay
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/hubble-ui
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/hubble-ui-backend
|
||||
version: 1.1.0
|
||||
version: 1.2.0
|
||||
|
||||
@@ -928,148 +928,160 @@ As an alternative, use one of the preset configurations for pod affinity, pod an
|
||||
|
||||
### Hubble UI Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
|
||||
| `hubble.ui.enabled` | Enable Hubble UI | `false` |
|
||||
| `hubble.ui.frontend.image.registry` | Hubble UI image registry | `REGISTRY_NAME` |
|
||||
| `hubble.ui.frontend.image.repository` | Hubble UI image repository | `REPOSITORY_NAME/hubble-ui` |
|
||||
| `hubble.ui.frontend.image.digest` | Hubble UI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
|
||||
| `hubble.ui.frontend.image.pullPolicy` | Hubble UI image pull policy | `IfNotPresent` |
|
||||
| `hubble.ui.frontend.image.pullSecrets` | Hubble UI image pull secrets | `[]` |
|
||||
| `hubble.ui.frontend.image.debug` | Enable Hubble UI image debug mode | `false` |
|
||||
| `hubble.ui.frontend.containerPorts.http` | Hubble UI frontend HTTP container port | `8081` |
|
||||
| `hubble.ui.frontend.extraContainerPorts` | Optionally specify extra list of additional ports for Hubble UI frontend containers | `[]` |
|
||||
| `hubble.ui.frontend.livenessProbe.enabled` | Enable livenessProbe on Hubble UI frontend containers | `true` |
|
||||
| `hubble.ui.frontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `hubble.ui.frontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `hubble.ui.frontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` |
|
||||
| `hubble.ui.frontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
|
||||
| `hubble.ui.frontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `hubble.ui.frontend.readinessProbe.enabled` | Enable readinessProbe on Hubble UI frontend containers | `true` |
|
||||
| `hubble.ui.frontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `hubble.ui.frontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `hubble.ui.frontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
|
||||
| `hubble.ui.frontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `hubble.ui.frontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `hubble.ui.frontend.startupProbe.enabled` | Enable startupProbe on Hubble UI frontend containers | `false` |
|
||||
| `hubble.ui.frontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
|
||||
| `hubble.ui.frontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `3` |
|
||||
| `hubble.ui.frontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `hubble.ui.frontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `20` |
|
||||
| `hubble.ui.frontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `hubble.ui.frontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.frontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.frontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.frontend.resourcesPreset` | Set Hubble UI frontend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.frontend.resources is set (hubble.ui.frontend.resources is recommended for production). | `nano` |
|
||||
| `hubble.ui.frontend.resources` | Set Hubble UI frontend container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.enabled` | Enabled Hubble UI frontend container' Security Context | `true` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in Hubble UI frontend container | `{}` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.runAsUser` | Set runAsUser in Hubble UI frontend container' Security Context | `1001` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.runAsGroup` | Set runAsGroup in Hubble UI frontend container' Security Context | `1001` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Hubble UI frontend container' Security Context | `true` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Hubble UI frontend container' Security Context | `true` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.privileged` | Set privileged in Hubble UI frontend container' Security Context | `false` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Hubble UI frontend container' Security Context | `false` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Hubble UI frontend container | `["ALL"]` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Hubble UI frontend container | `RuntimeDefault` |
|
||||
| `hubble.ui.frontend.enableIPv6` | Enable IPv6 for Hubble UI frontend | `false` |
|
||||
| `hubble.ui.frontend.serverBlock` | Custom server block to be used to configure NGINX (ignored if existingServerBlockConfigmap is set) | `""` |
|
||||
| `hubble.ui.frontend.existingServerBlockConfigmap` | ConfigMap with custom server block to be used to configure NGINX | `""` |
|
||||
| `hubble.ui.frontend.command` | Override default Hubble UI frontend container command (useful when using custom images) | `[]` |
|
||||
| `hubble.ui.frontend.args` | Override default Hubble UI frontend container args (useful when using custom images) | `[]` |
|
||||
| `hubble.ui.frontend.lifecycleHooks` | for Hubble UI frontend containers to automate configuration before or after startup | `{}` |
|
||||
| `hubble.ui.frontend.extraEnvVars` | Array with extra environment variables to add to Hubble UI frontend containers | `[]` |
|
||||
| `hubble.ui.frontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Hubble UI frontend containers | `""` |
|
||||
| `hubble.ui.frontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Hubble UI frontend containers | `""` |
|
||||
| `hubble.ui.frontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Hubble UI frontend containers | `[]` |
|
||||
| `hubble.ui.backend.image.registry` | Hubble UI Backend image registry | `REGISTRY_NAME` |
|
||||
| `hubble.ui.backend.image.repository` | Hubble UI Backend image repository | `REPOSITORY_NAME/hubble-ui-backend` |
|
||||
| `hubble.ui.backend.image.digest` | Hubble UI Backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
|
||||
| `hubble.ui.backend.image.pullPolicy` | Hubble UI Backend image pull policy | `IfNotPresent` |
|
||||
| `hubble.ui.backend.image.pullSecrets` | Hubble UI Backend image pull secrets | `[]` |
|
||||
| `hubble.ui.backend.containerPorts.http` | Hubble UI backend HTTP container port | `8090` |
|
||||
| `hubble.ui.backend.extraContainerPorts` | Optionally specify extra list of additional ports for Hubble UI backend containers | `[]` |
|
||||
| `hubble.ui.backend.livenessProbe.enabled` | Enable livenessProbe on Hubble UI backend containers | `true` |
|
||||
| `hubble.ui.backend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `hubble.ui.backend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `hubble.ui.backend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` |
|
||||
| `hubble.ui.backend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
|
||||
| `hubble.ui.backend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `hubble.ui.backend.readinessProbe.enabled` | Enable readinessProbe on Hubble UI backend containers | `true` |
|
||||
| `hubble.ui.backend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `hubble.ui.backend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `hubble.ui.backend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
|
||||
| `hubble.ui.backend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `hubble.ui.backend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `hubble.ui.backend.startupProbe.enabled` | Enable startupProbe on Hubble UI backend containers | `false` |
|
||||
| `hubble.ui.backend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
|
||||
| `hubble.ui.backend.startupProbe.periodSeconds` | Period seconds for startupProbe | `3` |
|
||||
| `hubble.ui.backend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `hubble.ui.backend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `20` |
|
||||
| `hubble.ui.backend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `hubble.ui.backend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.backend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.backend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.backend.resourcesPreset` | Set Hubble UI backend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.backend.resources is set (hubble.ui.backend.resources is recommended for production). | `nano` |
|
||||
| `hubble.ui.backend.resources` | Set Hubble UI backend container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `hubble.ui.backend.containerSecurityContext.enabled` | Enabled Hubble UI backend container' Security Context | `true` |
|
||||
| `hubble.ui.backend.containerSecurityContext.seLinuxOptions` | Set SELinux options in Hubble UI backend container | `{}` |
|
||||
| `hubble.ui.backend.containerSecurityContext.runAsUser` | Set runAsUser in Hubble UI backend container' Security Context | `1001` |
|
||||
| `hubble.ui.backend.containerSecurityContext.runAsGroup` | Set runAsGroup in Hubble UI backend container' Security Context | `1001` |
|
||||
| `hubble.ui.backend.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Hubble UI backend container' Security Context | `true` |
|
||||
| `hubble.ui.backend.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Hubble UI backend container' Security Context | `true` |
|
||||
| `hubble.ui.backend.containerSecurityContext.privileged` | Set privileged in Hubble UI backend container' Security Context | `false` |
|
||||
| `hubble.ui.backend.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Hubble UI backend container' Security Context | `false` |
|
||||
| `hubble.ui.backend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Hubble UI backend container | `["ALL"]` |
|
||||
| `hubble.ui.backend.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Hubble UI backend container | `RuntimeDefault` |
|
||||
| `hubble.ui.backend.command` | Override default Hubble UI backend container command (useful when using custom images) | `[]` |
|
||||
| `hubble.ui.backend.args` | Override default Hubble UI backend container args (useful when using custom images) | `[]` |
|
||||
| `hubble.ui.backend.lifecycleHooks` | for Hubble UI backend containers to automate configuration before or after startup | `{}` |
|
||||
| `hubble.ui.backend.extraEnvVars` | Array with extra environment variables to add to Hubble UI backend containers | `[]` |
|
||||
| `hubble.ui.backend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Hubble UI backend containers | `""` |
|
||||
| `hubble.ui.backend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Hubble UI backend containers | `""` |
|
||||
| `hubble.ui.backend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Hubble UI backend containers | `[]` |
|
||||
| `hubble.ui.replicaCount` | Number of Hubble UI replicas to deploy | `1` |
|
||||
| `hubble.ui.podSecurityContext.enabled` | Enable Hubble UI pods' Security Context | `true` |
|
||||
| `hubble.ui.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy for Hubble UI pods | `Always` |
|
||||
| `hubble.ui.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface for Hubble UI pods | `[]` |
|
||||
| `hubble.ui.podSecurityContext.supplementalGroups` | Set filesystem extra groups for Hubble UI pods | `[]` |
|
||||
| `hubble.ui.podSecurityContext.fsGroup` | Set fsGroup in Hubble UI pods' Security Context | `1001` |
|
||||
| `hubble.ui.automountServiceAccountToken` | Mount Service Account token in Hubble UI pods | `true` |
|
||||
| `hubble.ui.hostAliases` | Hubble UI pods host aliases | `[]` |
|
||||
| `hubble.ui.deploymentAnnotations` | Annotations for Hubble UI deployment | `{}` |
|
||||
| `hubble.ui.podLabels` | Extra labels for Hubble UI pods | `{}` |
|
||||
| `hubble.ui.podAnnotations` | Annotations for Hubble UI pods | `{}` |
|
||||
| `hubble.ui.podAffinityPreset` | Pod affinity preset. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `hubble.ui.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `hubble.ui.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `hubble.ui.nodeAffinityPreset.key` | Node label key to match. Ignored if `hubble.ui.affinity` is set | `""` |
|
||||
| `hubble.ui.nodeAffinityPreset.values` | Node label values to match. Ignored if `hubble.ui.affinity` is set | `[]` |
|
||||
| `hubble.ui.affinity` | Affinity for Hubble UI pods assignment | `{}` |
|
||||
| `hubble.ui.nodeSelector` | Node labels for Hubble UI pods assignment | `{}` |
|
||||
| `hubble.ui.tolerations` | Tolerations for Hubble UI pods assignment | `[]` |
|
||||
| `hubble.ui.updateStrategy.type` | Hubble UI deployment strategy type | `RollingUpdate` |
|
||||
| `hubble.ui.priorityClassName` | Hubble UI pods' priorityClassName | `""` |
|
||||
| `hubble.ui.topologySpreadConstraints` | Topology Spread Constraints for Hubble UI pod assignment spread across your cluster among failure-domains | `[]` |
|
||||
| `hubble.ui.schedulerName` | Name of the k8s scheduler (other than default) for Hubble UI pods | `""` |
|
||||
| `hubble.ui.terminationGracePeriodSeconds` | Seconds Hubble UI pods need to terminate gracefully | `""` |
|
||||
| `hubble.ui.extraVolumes` | Optionally specify extra list of additional volumes for the Hubble UI pods | `[]` |
|
||||
| `hubble.ui.sidecars` | Add additional sidecar containers to the Hubble UI pods | `[]` |
|
||||
| `hubble.ui.initContainers` | Add additional init containers to the Hubble UI pods | `[]` |
|
||||
| `hubble.ui.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
|
||||
| `hubble.ui.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
|
||||
| `hubble.ui.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `hubble.ui.pdb.minAvailable` and `hubble.ui.pdb.maxUnavailable` are empty. | `""` |
|
||||
| `hubble.ui.autoscaling.vpa.enabled` | Enable VPA for Hubble UI pods | `false` |
|
||||
| `hubble.ui.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
|
||||
| `hubble.ui.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
|
||||
| `hubble.ui.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
|
||||
| `hubble.ui.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
|
||||
| `hubble.ui.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy | `Auto` |
|
||||
| `hubble.ui.autoscaling.hpa.enabled` | Enable HPA for Hubble UI pods | `false` |
|
||||
| `hubble.ui.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` |
|
||||
| `hubble.ui.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` |
|
||||
| `hubble.ui.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `hubble.ui.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
|
||||
| `hubble.ui.enabled` | Enable Hubble UI | `false` |
|
||||
| `hubble.ui.frontend.image.registry` | Hubble UI image registry | `REGISTRY_NAME` |
|
||||
| `hubble.ui.frontend.image.repository` | Hubble UI image repository | `REPOSITORY_NAME/hubble-ui` |
|
||||
| `hubble.ui.frontend.image.digest` | Hubble UI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
|
||||
| `hubble.ui.frontend.image.pullPolicy` | Hubble UI image pull policy | `IfNotPresent` |
|
||||
| `hubble.ui.frontend.image.pullSecrets` | Hubble UI image pull secrets | `[]` |
|
||||
| `hubble.ui.frontend.image.debug` | Enable Hubble UI image debug mode | `false` |
|
||||
| `hubble.ui.frontend.containerPorts.http` | Hubble UI frontend HTTP container port | `8081` |
|
||||
| `hubble.ui.frontend.extraContainerPorts` | Optionally specify extra list of additional ports for Hubble UI frontend containers | `[]` |
|
||||
| `hubble.ui.frontend.livenessProbe.enabled` | Enable livenessProbe on Hubble UI frontend containers | `true` |
|
||||
| `hubble.ui.frontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `hubble.ui.frontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `hubble.ui.frontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` |
|
||||
| `hubble.ui.frontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
|
||||
| `hubble.ui.frontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `hubble.ui.frontend.readinessProbe.enabled` | Enable readinessProbe on Hubble UI frontend containers | `true` |
|
||||
| `hubble.ui.frontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `hubble.ui.frontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `hubble.ui.frontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
|
||||
| `hubble.ui.frontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `hubble.ui.frontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `hubble.ui.frontend.startupProbe.enabled` | Enable startupProbe on Hubble UI frontend containers | `false` |
|
||||
| `hubble.ui.frontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
|
||||
| `hubble.ui.frontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `3` |
|
||||
| `hubble.ui.frontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `hubble.ui.frontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `20` |
|
||||
| `hubble.ui.frontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `hubble.ui.frontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.frontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.frontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.frontend.resourcesPreset` | Set Hubble UI frontend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.frontend.resources is set (hubble.ui.frontend.resources is recommended for production). | `nano` |
|
||||
| `hubble.ui.frontend.resources` | Set Hubble UI frontend container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.enabled` | Enabled Hubble UI frontend container' Security Context | `true` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in Hubble UI frontend container | `{}` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.runAsUser` | Set runAsUser in Hubble UI frontend container' Security Context | `1001` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.runAsGroup` | Set runAsGroup in Hubble UI frontend container' Security Context | `1001` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Hubble UI frontend container' Security Context | `true` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Hubble UI frontend container' Security Context | `true` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.privileged` | Set privileged in Hubble UI frontend container' Security Context | `false` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Hubble UI frontend container' Security Context | `false` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Hubble UI frontend container | `["ALL"]` |
|
||||
| `hubble.ui.frontend.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Hubble UI frontend container | `RuntimeDefault` |
|
||||
| `hubble.ui.frontend.enableIPv6` | Enable IPv6 for Hubble UI frontend | `false` |
|
||||
| `hubble.ui.frontend.serverBlock` | Custom server block to be used to configure NGINX (ignored if existingServerBlockConfigmap is set) | `""` |
|
||||
| `hubble.ui.frontend.existingServerBlockConfigmap` | ConfigMap with custom server block to be used to configure NGINX | `""` |
|
||||
| `hubble.ui.frontend.command` | Override default Hubble UI frontend container command (useful when using custom images) | `[]` |
|
||||
| `hubble.ui.frontend.args` | Override default Hubble UI frontend container args (useful when using custom images) | `[]` |
|
||||
| `hubble.ui.frontend.lifecycleHooks` | for Hubble UI frontend containers to automate configuration before or after startup | `{}` |
|
||||
| `hubble.ui.frontend.extraEnvVars` | Array with extra environment variables to add to Hubble UI frontend containers | `[]` |
|
||||
| `hubble.ui.frontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Hubble UI frontend containers | `""` |
|
||||
| `hubble.ui.frontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Hubble UI frontend containers | `""` |
|
||||
| `hubble.ui.frontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Hubble UI frontend containers | `[]` |
|
||||
| `hubble.ui.backend.image.registry` | Hubble UI Backend image registry | `REGISTRY_NAME` |
|
||||
| `hubble.ui.backend.image.repository` | Hubble UI Backend image repository | `REPOSITORY_NAME/hubble-ui-backend` |
|
||||
| `hubble.ui.backend.image.digest` | Hubble UI Backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
|
||||
| `hubble.ui.backend.image.pullPolicy` | Hubble UI Backend image pull policy | `IfNotPresent` |
|
||||
| `hubble.ui.backend.image.pullSecrets` | Hubble UI Backend image pull secrets | `[]` |
|
||||
| `hubble.ui.backend.containerPorts.http` | Hubble UI backend HTTP container port | `8090` |
|
||||
| `hubble.ui.backend.extraContainerPorts` | Optionally specify extra list of additional ports for Hubble UI backend containers | `[]` |
|
||||
| `hubble.ui.backend.livenessProbe.enabled` | Enable livenessProbe on Hubble UI backend containers | `true` |
|
||||
| `hubble.ui.backend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `hubble.ui.backend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `hubble.ui.backend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` |
|
||||
| `hubble.ui.backend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
|
||||
| `hubble.ui.backend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `hubble.ui.backend.readinessProbe.enabled` | Enable readinessProbe on Hubble UI backend containers | `true` |
|
||||
| `hubble.ui.backend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `hubble.ui.backend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `hubble.ui.backend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
|
||||
| `hubble.ui.backend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `hubble.ui.backend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `hubble.ui.backend.startupProbe.enabled` | Enable startupProbe on Hubble UI backend containers | `false` |
|
||||
| `hubble.ui.backend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
|
||||
| `hubble.ui.backend.startupProbe.periodSeconds` | Period seconds for startupProbe | `3` |
|
||||
| `hubble.ui.backend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `hubble.ui.backend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `20` |
|
||||
| `hubble.ui.backend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `hubble.ui.backend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.backend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.backend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `hubble.ui.backend.resourcesPreset` | Set Hubble UI backend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.backend.resources is set (hubble.ui.backend.resources is recommended for production). | `nano` |
|
||||
| `hubble.ui.backend.resources` | Set Hubble UI backend container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `hubble.ui.backend.containerSecurityContext.enabled` | Enabled Hubble UI backend container' Security Context | `true` |
|
||||
| `hubble.ui.backend.containerSecurityContext.seLinuxOptions` | Set SELinux options in Hubble UI backend container | `{}` |
|
||||
| `hubble.ui.backend.containerSecurityContext.runAsUser` | Set runAsUser in Hubble UI backend container' Security Context | `1001` |
|
||||
| `hubble.ui.backend.containerSecurityContext.runAsGroup` | Set runAsGroup in Hubble UI backend container' Security Context | `1001` |
|
||||
| `hubble.ui.backend.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Hubble UI backend container' Security Context | `true` |
|
||||
| `hubble.ui.backend.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Hubble UI backend container' Security Context | `true` |
|
||||
| `hubble.ui.backend.containerSecurityContext.privileged` | Set privileged in Hubble UI backend container' Security Context | `false` |
|
||||
| `hubble.ui.backend.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Hubble UI backend container' Security Context | `false` |
|
||||
| `hubble.ui.backend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Hubble UI backend container | `["ALL"]` |
|
||||
| `hubble.ui.backend.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Hubble UI backend container | `RuntimeDefault` |
|
||||
| `hubble.ui.backend.command` | Override default Hubble UI backend container command (useful when using custom images) | `[]` |
|
||||
| `hubble.ui.backend.args` | Override default Hubble UI backend container args (useful when using custom images) | `[]` |
|
||||
| `hubble.ui.backend.lifecycleHooks` | for Hubble UI backend containers to automate configuration before or after startup | `{}` |
|
||||
| `hubble.ui.backend.extraEnvVars` | Array with extra environment variables to add to Hubble UI backend containers | `[]` |
|
||||
| `hubble.ui.backend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Hubble UI backend containers | `""` |
|
||||
| `hubble.ui.backend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Hubble UI backend containers | `""` |
|
||||
| `hubble.ui.backend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Hubble UI backend containers | `[]` |
|
||||
| `hubble.ui.replicaCount` | Number of Hubble UI replicas to deploy | `1` |
|
||||
| `hubble.ui.podSecurityContext.enabled` | Enable Hubble UI pods' Security Context | `true` |
|
||||
| `hubble.ui.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy for Hubble UI pods | `Always` |
|
||||
| `hubble.ui.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface for Hubble UI pods | `[]` |
|
||||
| `hubble.ui.podSecurityContext.supplementalGroups` | Set filesystem extra groups for Hubble UI pods | `[]` |
|
||||
| `hubble.ui.podSecurityContext.fsGroup` | Set fsGroup in Hubble UI pods' Security Context | `1001` |
|
||||
| `hubble.ui.automountServiceAccountToken` | Mount Service Account token in Hubble UI pods | `true` |
|
||||
| `hubble.ui.hostAliases` | Hubble UI pods host aliases | `[]` |
|
||||
| `hubble.ui.deploymentAnnotations` | Annotations for Hubble UI deployment | `{}` |
|
||||
| `hubble.ui.podLabels` | Extra labels for Hubble UI pods | `{}` |
|
||||
| `hubble.ui.podAnnotations` | Annotations for Hubble UI pods | `{}` |
|
||||
| `hubble.ui.podAffinityPreset` | Pod affinity preset. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `hubble.ui.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `hubble.ui.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `hubble.ui.nodeAffinityPreset.key` | Node label key to match. Ignored if `hubble.ui.affinity` is set | `""` |
|
||||
| `hubble.ui.nodeAffinityPreset.values` | Node label values to match. Ignored if `hubble.ui.affinity` is set | `[]` |
|
||||
| `hubble.ui.affinity` | Affinity for Hubble UI pods assignment | `{}` |
|
||||
| `hubble.ui.nodeSelector` | Node labels for Hubble UI pods assignment | `{}` |
|
||||
| `hubble.ui.tolerations` | Tolerations for Hubble UI pods assignment | `[]` |
|
||||
| `hubble.ui.updateStrategy.type` | Hubble UI deployment strategy type | `RollingUpdate` |
|
||||
| `hubble.ui.priorityClassName` | Hubble UI pods' priorityClassName | `""` |
|
||||
| `hubble.ui.topologySpreadConstraints` | Topology Spread Constraints for Hubble UI pod assignment spread across your cluster among failure-domains | `[]` |
|
||||
| `hubble.ui.schedulerName` | Name of the k8s scheduler (other than default) for Hubble UI pods | `""` |
|
||||
| `hubble.ui.terminationGracePeriodSeconds` | Seconds Hubble UI pods need to terminate gracefully | `""` |
|
||||
| `hubble.ui.extraVolumes` | Optionally specify extra list of additional volumes for the Hubble UI pods | `[]` |
|
||||
| `hubble.ui.sidecars` | Add additional sidecar containers to the Hubble UI pods | `[]` |
|
||||
| `hubble.ui.initContainers` | Add additional init containers to the Hubble UI pods | `[]` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.enabled` | Enabled Hubble UI init-containers' Security Context | `true` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.seLinuxOptions` | Set SELinux options in Hubble UI init-containers | `{}` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsUser` | Set runAsUser in Hubble UI init-containers' Security Context | `1001` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsGroup` | Set runAsUser in Hubble UI init-containers' Security Context | `1001` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Hubble UI init-containers' Security Context | `true` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Hubble UI init-containers' Security Context | `true` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.privileged` | Set privileged in Hubble UI init-containers' Security Context | `false` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Hubble UI init-containers' Security Context | `false` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Hubble UI init-containers | `["ALL"]` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Hubble UI init-containers | `RuntimeDefault` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.resourcesPreset` | Set Hubble UI "wait-for-hubble-relay" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.resources is set (hubble.ui.defaultInitContainers.waitForHubbleRelay.resources is recommended for production). | `nano` |
|
||||
| `hubble.ui.defaultInitContainers.waitForHubbleRelay.resources` | Set Hubble UI "wait-for-hubble-relay" init container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `hubble.ui.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
|
||||
| `hubble.ui.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
|
||||
| `hubble.ui.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `hubble.ui.pdb.minAvailable` and `hubble.ui.pdb.maxUnavailable` are empty. | `""` |
|
||||
| `hubble.ui.autoscaling.vpa.enabled` | Enable VPA for Hubble UI pods | `false` |
|
||||
| `hubble.ui.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
|
||||
| `hubble.ui.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
|
||||
| `hubble.ui.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
|
||||
| `hubble.ui.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
|
||||
| `hubble.ui.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy | `Auto` |
|
||||
| `hubble.ui.autoscaling.hpa.enabled` | Enable HPA for Hubble UI pods | `false` |
|
||||
| `hubble.ui.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` |
|
||||
| `hubble.ui.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` |
|
||||
| `hubble.ui.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `hubble.ui.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
|
||||
### Hubble UI Traffic Exposure Parameters
|
||||
|
||||
|
||||
@@ -83,7 +83,7 @@ spec:
|
||||
terminationGracePeriodSeconds: {{ .Values.hubble.relay.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
initContainers:
|
||||
{{- include "cilium.hubble.relay.waitForHubble" . | nindent 8}}
|
||||
{{- include "cilium.hubble.relay.waitForHubble" . | nindent 8 }}
|
||||
{{- if .Values.hubble.relay.initContainers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.hubble.relay.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
98
bitnami/cilium/templates/hubble-ui/_init_containers.tpl
Normal file
98
bitnami/cilium/templates/hubble-ui/_init_containers.tpl
Normal file
@@ -0,0 +1,98 @@
|
||||
{{/*
|
||||
Copyright Broadcom, Inc. All Rights Reserved.
|
||||
SPDX-License-Identifier: APACHE-2.0
|
||||
*/}}
|
||||
|
||||
{{/*
|
||||
Returns an init-container that waits for Hubble Relay to be ready
|
||||
*/}}
|
||||
{{- define "cilium.hubble.ui.waitForHubbleRelay" -}}
|
||||
- name: wait-for-hubble-relay
|
||||
image: {{ include "cilium.hubble.relay.image" . }}
|
||||
imagePullPolicy: {{ .Values.hubble.relay.image.pullPolicy }}
|
||||
{{- if .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.resources }}
|
||||
resources: {{- toYaml .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.resources | nindent 4 }}
|
||||
{{- else if ne .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.resourcesPreset) | nindent 4 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
retry_while() {
|
||||
local cmd="${1:?cmd is missing}"
|
||||
local retries="${2:-12}"
|
||||
local sleep_time="${3:-5}"
|
||||
local return_value=1
|
||||
|
||||
read -r -a command <<<"$cmd"
|
||||
for ((i = 1; i <= retries; i += 1)); do
|
||||
"${command[@]}" && return_value=0 && break
|
||||
sleep "$sleep_time"
|
||||
done
|
||||
return $return_value
|
||||
}
|
||||
|
||||
exit_code=0
|
||||
if ! retry_while "grpc-health-probe -addr=${HUBBLE_RELAY_ENDPOINT} ${GRPC_FLAGS}"; then
|
||||
echo "hubble is not ready"
|
||||
exit_code=1
|
||||
else
|
||||
echo "hubble ready"
|
||||
fi
|
||||
|
||||
exit "$exit_code"
|
||||
env:
|
||||
- name: HUBBLE_RELAY_ENDPOINT
|
||||
value: {{ printf "%s.%s.svc.%s:%d" (include "cilium.hubble.relay.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.hubble.relay.service.ports.grpc) | quote }}
|
||||
{{- if not .Values.hubble.tls.enabled }}
|
||||
- name: GRPC_FLAGS
|
||||
value: "-rpc-timeout=2s"
|
||||
{{- else }}
|
||||
- name: GRPC_FLAGS
|
||||
value: "-rpc-timeout=2s -tls -tls-ca-cert=/certs/client/ca.crt -tls-client-cert=/certs/client/tls.crt -tls-client-key=/certs/client/tls.key"
|
||||
volumeMounts:
|
||||
- name: client-cert
|
||||
readOnly: true
|
||||
mountPath: /certs/client
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Returns an init-container that preserves the NGINX logs symlinks
|
||||
*/}}
|
||||
{{- define "cilium.hubble.ui.preserveLogLinks" -}}
|
||||
- name: preserve-logs-symlinks
|
||||
image: {{ template "cilium.hubble.ui.frontend.image" . }}
|
||||
imagePullPolicy: {{ .Values.hubble.ui.frontend.image.pullPolicy }}
|
||||
{{- if .Values.hubble.ui.frontend.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.hubble.ui.frontend.containerSecurityContext "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.hubble.ui.frontend.resources }}
|
||||
resources: {{- toYaml .Values.hubble.ui.frontend.resources | nindent 4 }}
|
||||
{{- else if ne .Values.hubble.ui.frontend.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.hubble.ui.frontend.resourcesPreset) | nindent 4 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
. /opt/bitnami/scripts/libfs.sh
|
||||
|
||||
# We copy the logs folder because it has symlinks to stdout and stderr
|
||||
if ! is_dir_empty /opt/bitnami/nginx/logs; then
|
||||
cp -r /opt/bitnami/nginx/logs /emptydir/nginx-logs-dir
|
||||
fi
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /emptydir
|
||||
{{- end -}}
|
||||
@@ -83,31 +83,8 @@ spec:
|
||||
terminationGracePeriodSeconds: {{ .Values.hubble.ui.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: preserve-logs-symlinks
|
||||
image: {{ template "cilium.hubble.ui.frontend.image" . }}
|
||||
imagePullPolicy: {{ .Values.hubble.ui.frontend.image.pullPolicy }}
|
||||
{{- if .Values.hubble.ui.frontend.containerSecurityContext.enabled }}
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.hubble.ui.frontend.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.hubble.ui.frontend.resources }}
|
||||
resources: {{- toYaml .Values.hubble.ui.frontend.resources | nindent 12 }}
|
||||
{{- else if ne .Values.hubble.ui.frontend.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.hubble.ui.frontend.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
. /opt/bitnami/scripts/libfs.sh
|
||||
|
||||
# We copy the logs folder because it has symlinks to stdout and stderr
|
||||
if ! is_dir_empty /opt/bitnami/nginx/logs; then
|
||||
cp -r /opt/bitnami/nginx/logs /emptydir/nginx-logs-dir
|
||||
fi
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /emptydir
|
||||
{{- include "cilium.hubble.ui.waitForHubbleRelay" . | nindent 8 }}
|
||||
{{- include "cilium.hubble.ui.preserveLogLinks" . | nindent 8 }}
|
||||
{{- if .Values.hubble.ui.initContainers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.hubble.ui.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -3147,6 +3147,56 @@ hubble:
|
||||
## command: ['sh', '-c', 'echo "hello world"']
|
||||
##
|
||||
initContainers: []
|
||||
## Default init Containers
|
||||
##
|
||||
defaultInitContainers:
|
||||
## Hubble UI "wait-for-hubble-relay" init container
|
||||
## Used to waits for kube-proxy to be ready
|
||||
##
|
||||
waitForHubbleRelay:
|
||||
## Configure "wait-for-hubble-relay" init-container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.enabled Enabled Hubble UI init-containers' Security Context
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Hubble UI init-containers
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsUser Set runAsUser in Hubble UI init-containers' Security Context
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsGroup Set runAsUser in Hubble UI init-containers' Security Context
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Hubble UI init-containers' Security Context
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Hubble UI init-containers' Security Context
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.privileged Set privileged in Hubble UI init-containers' Security Context
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Hubble UI init-containers' Security Context
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Hubble UI init-containers
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.seccompProfile.type Set seccomp profile in Hubble UI init-containers
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: true
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Hubble UI "wait-for-hubble-relay" init container resource requests and limits
|
||||
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.resourcesPreset Set Hubble UI "wait-for-hubble-relay" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.resources is set (hubble.ui.defaultInitContainers.waitForHubbleRelay.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "nano"
|
||||
## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.resources Set Hubble UI "wait-for-hubble-relay" init container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## Pod Disruption Budget configuration
|
||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
||||
## @param hubble.ui.pdb.create Enable/disable a Pod Disruption Budget creation
|
||||
|
||||
Reference in New Issue
Block a user