diff --git a/talos/patches/cilium.sh b/talos/patches/cilium.sh index 66013ac..1669357 100644 --- a/talos/patches/cilium.sh +++ b/talos/patches/cilium.sh @@ -17,7 +17,7 @@ helm repo add cilium https://helm.cilium.io/ helm template \ cilium \ cilium/cilium \ - --version 1.17.3 \ + --version 1.18.3 \ --namespace kube-system \ --set ipam.mode=kubernetes \ --set hubble.relay.enabled=true \ diff --git a/talos/patches/cilium.yaml b/talos/patches/cilium.yaml index 20b897c..fc09623 100644 --- a/talos/patches/cilium.yaml +++ b/talos/patches/cilium.yaml @@ -15,6 +15,7 @@ cluster: name: "cilium-secrets" labels: app.kubernetes.io/part-of: cilium + annotations: --- # Source: cilium/templates/cilium-agent/serviceaccount.yaml apiVersion: v1 @@ -59,8 +60,8 @@ cluster: name: cilium-ca namespace: kube-system data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQU9tQ1Qzc0V4S2wydjNuQzZuVUYvSmt3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkxTURVd01qRTVNRFl4TUZvWERUSTRNRFV3TVRFNQpNRFl4TUZvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF2MDkrMlpuaWtVQXQzWm9CTlByY1h6NGFTTXprTzVFY255c1hpWUlFeXE4YkdJNlQKeXBvbXdiRDhQZExuY2xPenVRNXg2eXNQWDZnNjRyY1dUczNZc0RtZUp6WWdBNTRZMFBZTUZ6UWs1TUhMS1ZTZQpRNHZNbHFSRHI4bmRDVDVia3JsWGltZXdxT2pXRWhDRUNud091WmZqZklYdmRuYWRRMmh3TzNKemVRdEZOeHA5CnhsU3BDbGxVT25JVHZVTEJ4VXhGVGNnSE11ekNpSGFZN2dVY2Q0T1NNMnVzWXc2aHdYKzNwQVl3citmUmR1N2EKMXFKUzNmU2RHcHdycVBmR01TVUNod0tSTFpYQ2VpSzAzd0pTN3I5Q1k2aTZUdXlEY1BhNlQxUXlMaHpHV0VMTQo0cWhWdnNSRFNBelpKUWUrTjR4VU9nbFlrbUNJNFF0Y1NvWlFVUUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGTXQxb2lwUjVCVFNEMEVERkZjdzVoYUh6cFVFTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQlFEcXNQV1FDcDRSTkc5OWJpeWFFaFNvc0lsdmFwY0V2R2JoRk5ieUxOYlBaYkwxOTdXRUQwCldjemJ0TXN1MWFSOVN2Umg4Y3MrUEw5SUluK2grYWJUVzEvakVqSFlNS01qU0Z0Z1JMS0N0aDBmVkc0T0puRzkKV2hubGZuTUl2T3I4Z3pnWU0zZldaRHJSeG82MXBQQjhJN0RWQk9FWXZMdDI2SFVOTGdxTkg0bStPRzdVeEVHMwpwb0xQYnNRNXZUUGQ4V2UyYjNZL092bnloQytVUFZaN292L0d1ZnRlRXFQTEkzQjRHaDRsUmZGYk9ZdmxQRnlHClZ2SzNMTXR1Zmw4aXRXUXZtUHdJQkEzYW92YXFYQUZhMnhUbmcyb2NTV3Y1dGRWb0tLMmd2cU5VK215WFZ6L0sKTGQ2VTZKSFROSHhTWlBVMU1kMHpFSnRZbEI0ZWliUFEKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - ca.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdjA5KzJabmlrVUF0M1pvQk5QcmNYejRhU016a081RWNueXNYaVlJRXlxOGJHSTZUCnlwb213YkQ4UGRMbmNsT3p1UTV4NnlzUFg2ZzY0cmNXVHMzWXNEbWVKellnQTU0WTBQWU1GelFrNU1ITEtWU2UKUTR2TWxxUkRyOG5kQ1Q1YmtybFhpbWV3cU9qV0VoQ0VDbndPdVpmamZJWHZkbmFkUTJod08zSnplUXRGTnhwOQp4bFNwQ2xsVU9uSVR2VUxCeFV4RlRjZ0hNdXpDaUhhWTdnVWNkNE9TTTJ1c1l3Nmh3WCszcEFZd3IrZlJkdTdhCjFxSlMzZlNkR3B3cnFQZkdNU1VDaHdLUkxaWENlaUswM3dKUzdyOUNZNmk2VHV5RGNQYTZUMVF5TGh6R1dFTE0KNHFoVnZzUkRTQXpaSlFlK040eFVPZ2xZa21DSTRRdGNTb1pRVVFJREFRQUJBb0lCQUFWNUxjVGwvVEJ3cUo5RgpiN0ZuVi9TMW55VGtEOGVRZ0VRaGhIdmZwMmx4RnhKZHllYXJBRjdjUkdzMFpJREYya2Q2SFZKQUdpRi9lNmZPCjJ5bUlCQ0lPay9MRlBxYzcxN1BxeGkvSHd5SjBWTzZxeUJoZ29JclN5a2oyT29ld0xBaUhtdlNQd09Na1BqT28KRzA3OWU2SmRzUmwzNzREeEpkQ3U1VDhlS0NXWFd6OHd5cER5YmczTmlxZjNYeWJHcDFGN3RLamZSSk1wWWVUbQowRWlhcCtRMUkxcEh5NXp3YnUwclhxbmJqNS9OUTRBRjFMMDhOTTNxNzd2TTczL09icjhWN0ZuRjcvd1JwV2VTCjF2ZGF5SnUvdmlqUDFrZ3pvL3F3NGhMcmM2ZDAza0p4dTB2d3J1VGV5YmovempLQytVOWNWb3UyUFJwUHYzcXkKdUM5OWYyMENnWUVBOE43cytYK2sxMUsrcVkyMWxhWDZIc0ZUN0NaZGtCUVVrdGhNRDVPZzZBMFFsaUYyWXBhVwp3ZGl4eWpnR3BVZlV3OFFNcTRMazNiejcxK1BhZ0RtTHlVOC9CVXZFWmZQQktiRDZGNm0zVURGTVFqbVNzdExaCnUvTmxRSXh2aERXdlNlNEk4QVZ4Uk4yZ3o1NWZIRE5DOFBrRy9JL2pmUVAwTkpSdnRrc2F4eWNDZ1lFQXkxT3EKd0QvL1NBOVFWSFB2UkZFelV4LzB4MlRkbzI5bnJObTJVa1hyY1E0bUNqWmtjT0lydFJlWVN1cUlzZHdCckN6RApPV3ZwOWtXOEQ0WWdwK3V0TE44VGlDQ1VXcjBXNHlxY0x5TENOWmdncnZ6azNVcGl3MWxuM1hVaVVIVWwyRUpjCkNBMnY2NnEwZ1h0U1h0UmtCaUlJa0ZHMEpwTVY3cWhVemJOSEY4Y0NnWUVBdXVxemlMWG1ESFlZb09qb0ZiWVUKVDlPRXRZZmNLVmQ3MDZ4bjhkcUZEaTQ5UmRPMzA2KzZVN2s5MW9mOW1Ec1N2OHdlYk9ZSmhvMEYvalhDTktqegpjZ2UrQnZVUjltL2U0T1NHWHVDRDhZWWdBSEEvQitnWnNRR2kvQ0UrMUtENFl1MkdJQVNKTG9DeUx3dGVFVHN5CllsOU5iYWFYU1VkTk5aUk8wRzZkM0JjQ2dZRUF5QktFS3JqT2tqRy9jZHJDemc2NDJrclBxb1R1TXl3a2NFbXEKeGpwVyt1QlpQaU5Yb2x4cmRiN0o5SzNqNUdBQXBWTkdwdkl4UGt4UVNWWktPL0lFYmVyMFpUYnB4SC9jVFp4WQpJMm1vZ09RNUJQZUVuTnZkWXl4T3IvUGEyQ0R1SkdibitHUy9mcjV5OEJaUmIwNi9QZW12VTVPU0dZTVNTYzBKCjVYOUxyWEVDZ1lFQXdkYWg0WjVPdm1QVXNZN2dRbzUvc0JTUG1VYVJQL0kzdDVIV0hPMThZa2RqaFlsek4xUUwKRmVnUVgyUXU4OTJMSWFDeEVUeHpEcjVrN3dCdFNvSUtsZ3M0cWs2UjVMTit0M203WDVSKzNiQnYyQkNwT3Z3TQpSbWpLZmFkVTJ4OHlYenZBdjNaQzJJcmxuc3dNNjZ6WmFKVkRVcjkrdWxQNVVacEhUZmdWalo0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRWDhrSVBBQ0pXeitRRlZIVUlOcm9FekFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV4TVRBeU1UVTBNakV4V2hjTk1qZ3hNVEF4TVRVMApNakV4V2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQ3JFYmcvOHZGalgyQXcrREY0My9KTkc0VFhuRDJoY2xrVGFiR3A1UXRYYmpnN1pMNy8KeHdNdW56M3BpNlZENkVrME9sbmVNK0EyNUxIVlZnRzJHUktrQ2lMOVpEakdJSkordXhWZmZSZDVYc0hRYzVzWgo4SzZEaG5NZGRJWWpoTzJhakNvSGdNUVYwOXNPODZtN0tCQmdLbTZmeDFPQVlFbHlXM0dwRWVVMndpMnFXK1pUCmJDQ045NWJ6bFNqd3grNFlZZUtoOEVKU2NnUk5IUi90Qis1OFlmTzIvaGRLaC9TSnJxek5XLzBQRDhVL1Y3KzkKdzR3eXMwMlFKUlZNb3hLVU9JQWozcFByMGhvTUU4by9TNG9UWjZJSUo1R0R1VWFnbnNVL3FCbjJJMnUzQkR4SgpoNk5XMGd6TjY5MTl2TVZmSnJxdXo4V1hJMGwzUkxKTklhOUZBZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVU2YjRabzdCcjd1TWlTaUtsQlJ1eWxrYmMxWHd3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFHbTIzSjhvL2ZtTmRwME1GWjRRZ0M1S2hlc1BTQ2xwSm9jOENWZjE2eTdFWHkrNGRqMzYzKzdMClpSNFlRc3VGMUhDbDZxRG8xbVVEMC9GdDdRZWtDREV2U2VKOUEvd29SbUlENmR1VG9uSDBQUU1lM1dOUUYxZlgKSE5zWmt5WE1pejBWelFJMWFhSmU5WHNkMzgrM3RqT011UlRtOW9ZQzJsUHk2QVpsT1pidUNhVTE1UU03bkZzcgpHYVZpYlJTWVlMUHc3cExFdS90ZHAzSXlra1lSeU9WRWZLaUJ6QjRsZlE0Z1FCUXBpMkc0bGYvak50V2g0QTBOCmVGQ0JLTEZZZXE1ZjQwRksySEQ3NHBUMWJ4cURCMm9LdkNOUS9jUnl3d3o4RGRKRVpIbFVENXFtc2dQT3Z0b2oKcG94R2lMZDl1WlFYcHNWSWJnalY0c29sNTdQcjZvUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + ca.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBcXhHNFAvTHhZMTlnTVBneGVOL3lUUnVFMTV3OW9YSlpFMm14cWVVTFYyNDRPMlMrCi84Y0RMcDg5Nll1bFEraEpORHBaM2pQZ051U3gxVllCdGhrU3BBb2kvV1E0eGlDU2Zyc1ZYMzBYZVY3QjBIT2IKR2ZDdWc0WnpIWFNHSTRUdG1vd3FCNERFRmRQYkR2T3B1eWdRWUNwdW44ZFRnR0JKY2x0eHFSSGxOc0l0cWx2bQpVMndnamZlVzg1VW84TWZ1R0dIaW9mQkNVbklFVFIwZjdRZnVmR0h6dHY0WFNvZjBpYTZzelZ2OUR3L0ZQMWUvCnZjT01Nck5Oa0NVVlRLTVNsRGlBSTk2VDY5SWFEQlBLUDB1S0UyZWlDQ2VSZzdsR29KN0ZQNmdaOWlOcnR3UTgKU1llalZ0SU16ZXZkZmJ6Rlh5YTZycy9GbHlOSmQwU3lUU0d2UlFJREFRQUJBb0lCQUh6NElPVjJrS2pMai9XMgpHazMzSzRid3g0YksrS3JzWWU0d2xEMU11WkJSVUhyekNpVElPYWJoWmRVcTByeGRBTDFLczBRRUdaT0FWZmxICkwxRGIyQ1pGMFhIU3VUYmpyS0V3QWxrVGhRYUJGbzAxSnVVNFVnUjdQN1VRM3IwcjZuZXdWVFBOK1hFSXAwcXcKN2hsdkZ5ZHBXQThaQ2dNS1ZCMWFlQm5Pbk9mMm1BUGhUay9FbUNOUlNRZmptb2tQVTcwaW16cC9maURnQ1QwZwo1ZDhxYkIzdlFDYW1GWnZoRlh2dGIvdjZWdkI2RWE3V0pWWlNvSVM1am5pQ1FaVTcwb1RIY24rTXAxVW1icjBICmp0Nzg4RWJDZmVmMGxMNDZJOVIrOU5PaEgvL01PalpwTWZKcWtpalFEbDJlMk1QcTRUL2tQWVNBdjdaZFhxYlYKaCtJSTVyRUNnWUVBdy95aTB2OE5nUkRYQUtYZitFQml1aTJvZmhMbW9ubUZVUFFLR3ZjSGV2YmdTZEVHejRkSQpvdnhCM2x5WWJ0UlZmQnV1MDJMdzJLVXhPMTBXU2FXaWNDdkQrdGFUK2YrYVBKYThNMjVkM3N2M1hsTDY5K0ZSCm52OUtnK21BVjM2V2pWWFNMSXdZYStJc2RSem93VkMwN2p2VVFwakRXME8yVmRLT2VuOGNJR01DZ1lFQTMzUEwKcS83ZEtJd2M4djdTd2ZUdmo3RmViTm9DN1NwR2RRbHBhY2xSeGtXa3dFMnEwSk14dFVneUtNeTQ3bVlaTE9GUQpPVTd6M0NGZ3NCUTJLU1VFT3FDY2I0aWd2VFJKejRtS3hjV1g3UmZsOWxwK3BKejA3OUx2alBsaDhFYkMvaEErCkw5aW95cWU3ZWpyN3d0SXNmb0tmS1RqeFN4L3FoTWtIVkpNaWZqY0NnWUVBZzRTbWsyY2EzZEM2SnpJbzhVUHIKdkxwbEJtMlNuZGRra21XaDNtU0ZmWXZzQ1QwZkQrYmQ1Sm5aYmVtL1ZTaGlVVTJXYlQ1SkYya0xkNlhKRGhUNwp3OEJxM0lwZ2RQU0V3VUg1KzUyRm1yeFBQTm44bHBsNmwzTUR3eS9QczJjOGlvM2I0NDhEMkduSG9iT0xzaWFCCnRCa3NJS0M1QUNhWlZsQmMwbkU0STdjQ2dZRUFsdWRabmM4aHhqZFJlWjB6OGY2YkpseHZXMjJqMmt6WmhrS1QKNlBnbmZKSWQ0Q3pUZGNaaUpINGNPY2VBQUtmOHluMWpNMENwbVhrRkZnU2dTd3NQbnhSR2NXQkF4V1loanNIaApjUXl2UEZRT1hsL2c5UVIydWR1bklYcHRkTm9rNTNWS3VmOUVoby9lSVg3aDlVRUJBWEx2VCtSL3QrOVc3dFBnClduSi9NZU1DZ1lFQXN1L0xERUloQURhL0M5T1pCNHBrb3VXMm5XSTZvaXlWbGw3WFV4VEl4bHRZVmhPV3c4WlUKS2dDQ2l2OFhJNExPazNTWUl5SjVvY1A0SGpwTE9uZVNXd2FwMjRLTXZ4NW1RTmZPeVJBUHZwT0NXbkZqOWVjUwpxZGNNRHl6cFlDTGQwcU9pQnZyWXhiTXI1VjM1RGZvVHZxZHJTOHVqaVBlYXh1UUErclpQYVlFPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= --- # Source: cilium/templates/hubble/tls-helm/relay-client-secret.yaml apiVersion: v1 @@ -70,9 +71,9 @@ cluster: namespace: kube-system type: kubernetes.io/tls data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQU9tQ1Qzc0V4S2wydjNuQzZuVUYvSmt3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkxTURVd01qRTVNRFl4TUZvWERUSTRNRFV3TVRFNQpNRFl4TUZvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF2MDkrMlpuaWtVQXQzWm9CTlByY1h6NGFTTXprTzVFY255c1hpWUlFeXE4YkdJNlQKeXBvbXdiRDhQZExuY2xPenVRNXg2eXNQWDZnNjRyY1dUczNZc0RtZUp6WWdBNTRZMFBZTUZ6UWs1TUhMS1ZTZQpRNHZNbHFSRHI4bmRDVDVia3JsWGltZXdxT2pXRWhDRUNud091WmZqZklYdmRuYWRRMmh3TzNKemVRdEZOeHA5CnhsU3BDbGxVT25JVHZVTEJ4VXhGVGNnSE11ekNpSGFZN2dVY2Q0T1NNMnVzWXc2aHdYKzNwQVl3citmUmR1N2EKMXFKUzNmU2RHcHdycVBmR01TVUNod0tSTFpYQ2VpSzAzd0pTN3I5Q1k2aTZUdXlEY1BhNlQxUXlMaHpHV0VMTQo0cWhWdnNSRFNBelpKUWUrTjR4VU9nbFlrbUNJNFF0Y1NvWlFVUUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGTXQxb2lwUjVCVFNEMEVERkZjdzVoYUh6cFVFTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQlFEcXNQV1FDcDRSTkc5OWJpeWFFaFNvc0lsdmFwY0V2R2JoRk5ieUxOYlBaYkwxOTdXRUQwCldjemJ0TXN1MWFSOVN2Umg4Y3MrUEw5SUluK2grYWJUVzEvakVqSFlNS01qU0Z0Z1JMS0N0aDBmVkc0T0puRzkKV2hubGZuTUl2T3I4Z3pnWU0zZldaRHJSeG82MXBQQjhJN0RWQk9FWXZMdDI2SFVOTGdxTkg0bStPRzdVeEVHMwpwb0xQYnNRNXZUUGQ4V2UyYjNZL092bnloQytVUFZaN292L0d1ZnRlRXFQTEkzQjRHaDRsUmZGYk9ZdmxQRnlHClZ2SzNMTXR1Zmw4aXRXUXZtUHdJQkEzYW92YXFYQUZhMnhUbmcyb2NTV3Y1dGRWb0tLMmd2cU5VK215WFZ6L0sKTGQ2VTZKSFROSHhTWlBVMU1kMHpFSnRZbEI0ZWliUFEKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTVENDQWpHZ0F3SUJBZ0lSQU1tYVdOeXNyWWZqalJERmZyU2dtUWt3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkxTURVd01qRTVNRFl4TVZvWERUSTJNRFV3TWpFNQpNRFl4TVZvd0l6RWhNQjhHQTFVRUF3d1lLaTVvZFdKaWJHVXRjbVZzWVhrdVkybHNhWFZ0TG1sdk1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXFnSmgyOCtkRVJBN2xCbGpiT2FxVjBoNnorRnAKRzlXV2ZUOFRpdTkrbnJmTmIrWk9EQ0NnaVBXNDQ4OFF0VTlhcGM0WWpKY2lheUdrYlhQVUcrK3NvYmNZckFENwpZbklsK0VNcHhLeWNISlpiUCtuNEtKSERPbHVESmtYZG45KzhyZzVmakhwQ2VKenVaOE5DbmUvNGRZUnFtZEVsClpacjJndDNJYTFtOG9WRjJHS3FZT1AvZkNVcDQ0S052cGtyVFkvMjNKMGZGaDBCNUgyWi83bUhZYmtYbjFlYUYKdDZhTTJDYWt2WmQyVWErVWMxOFFsOU1Ld3B0UWNzWS9FN2QxRUxKTVdkZ1hzQVFqUEJwQ0VEeVJjbUpWMlVWcwpsMExweXNNeFhkVndNVDRtZTM1VGgyRkRjMURPY04wZjZXcXg2MDUvSUJ5NS9IbFM1Mjh2SG5LMk9RSURBUUFCCm80R0dNSUdETUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUIKQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCVExkYUlxVWVRVTBnOUJBeFJYTU9ZVwpoODZWQkRBakJnTlZIUkVFSERBYWdoZ3FMbWgxWW1Kc1pTMXlaV3hoZVM1amFXeHBkVzB1YVc4d0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBSzFBeE4zT0M0Ym12SWVaZHpRd1hQOFI5U2xicVM4SExDcW12UzFyU0pXS3dNa1QKTkIwWFdtUHlSYm5kVFN2U3lsZURZSWY5RmQ1RHhQczd1S3JibWNCTXJsdTlZanE5TGN0ODBSdHBqMElCUElISApDRUg3UE9LaDdXSTJUbkdYbnkrUzYzNktKMWxSRFpvVWZZMWkwRFJWUVczNUM3MEE2SGpyamJhbDVGK1Z5Y3VvCjJnUEJTdXUyMzBicGZPdG5JdGplL1BOelVPL2EwOTZnbzBDa2xFaVRwV1lzYjVZZzBLKzZKK3BGalcvRjFOZ0cKVDJpbmw0QUVlWkIzM3c0WldISHJEQ09MemRVajhPbWlNMzlHYkM2alBjc3R6dk9aT2dEUlBQV3h3T3pwZERSTwo2OHpoZVVtUkNHY0w2cTlVRGc2amt0a3lmOHY0cEI2ZTlyYWpSTEk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBcWdKaDI4K2RFUkE3bEJsamJPYXFWMGg2eitGcEc5V1dmVDhUaXU5K25yZk5iK1pPCkRDQ2dpUFc0NDg4UXRVOWFwYzRZakpjaWF5R2tiWFBVRysrc29iY1lyQUQ3WW5JbCtFTXB4S3ljSEpaYlArbjQKS0pIRE9sdURKa1hkbjkrOHJnNWZqSHBDZUp6dVo4TkNuZS80ZFlScW1kRWxaWnIyZ3QzSWExbThvVkYyR0txWQpPUC9mQ1VwNDRLTnZwa3JUWS8yM0owZkZoMEI1SDJaLzdtSFlia1huMWVhRnQ2YU0yQ2FrdlpkMlVhK1VjMThRCmw5TUt3cHRRY3NZL0U3ZDFFTEpNV2RnWHNBUWpQQnBDRUR5UmNtSlYyVVZzbDBMcHlzTXhYZFZ3TVQ0bWUzNVQKaDJGRGMxRE9jTjBmNldxeDYwNS9JQnk1L0hsUzUyOHZIbksyT1FJREFRQUJBb0lCQUJtd2VIY05uUzlKNDZiUwpXMHJHWkRFQ084U1R6QjB2bmlqWTBpd3BXbG5EYm1DZFRXZlp1a2hYMFJOalk2UHlGTUYvTGdoNGdmUHNSbnRmCmlFcWNZZHFoM3pHR2lIWHN4NzRHOEJYTysxdjZnRmxkRW1tVzlRZ3BjZHpqcThTUHUyUVZ1ZXh4UVFBV3ZwT2gKVnJ5azJVZHd0ZWIrU29kYTdpc0NObG02V3AySmdaM0c3M2txQllHWWpLUm1ZWGhiR0k4Ty81ZkdHOSsrQUZEbQppTmJNSkRwMGVtT1F2UWpvcDRMWkRSRzNqMnFrOVArZSsyemJaVllyYVF0U3BMOEJZNC9Cc3ZXdEd0NU96OE1GCjhoQk9vOHk4OHFVTWhpdml4dDJuZXdaVW54Um84UG5pcFhjby9IV0JnY2V0cWRhc1Jud25tRzdWNTR3WUJUTkUKZGpUZGRIRUNnWUVBMVNxZ3JjQmZsSmZHcWdST3hmR0FJZnA0dnI5SFJnOENwLzV1OGxheXJ4QVhSV1QwQ1FNZwo3NzNXd3JJdWRuV0pCb2xWMnQvbmFtekIxTEtja0FkVUI3cG9CL2ZZSWpBTVlDT0tjWWxGVmlDM001aGJqWWlnCmZQY0ZiRmwvYzNDMHR2MXJPdk5HMkQ5cTd2L2liRTVvWmlSS0x3eUI1WUJnWXhlYnlqWkREU1VDZ1lFQXpDdTYKNzNVemQ3Zk5OOURuY21SMWR4MWY0aTQxRm1QbWNKckhsTEZoWUVKdEVYRjJBQS9jVlFTVk40TmVBbW4xU3NQTgpuMmFGWWE4eVA5WGlzaUk2a1hrQVBPYjVkTlI3Y2F1YndWOUVRNklZd2NkVlJvYngrV3NRQ1BVbEVTeGl1aG9yCjAzd0dROWhjZnBtQWQwTGEzcGs3cTMvaWg3VkR2TzRiRU9qUXVvVUNnWUJMcXpZZWQ0dDJVK3BSci9YR2psUE4KdS92Z3VrV3l1T0ZZZ1JraExXV0FmMVhEYkhLMFFFZ1EwbkxKNmpaVUZxVHRqUkxNLzI1R2VSVFZUQklIanBKbApxK1lCN2hqckNlTmF2VU1IeXBLeVlDcW9SZzA1MEtZbnRnaFd6ZTVRTEZINkl6dE5VYzUwTlE3Z2lEVDMvVjFSCjVNL3dvNS80dC9sL000STU1Y2tuZ1FLQmdRQzdjMkxidXhVWDAwNjg4aldzMXdMcDY3UStxd0hlbnJYUnFLbVkKb1Fxd0lBeVhPVDZIYkFoMG5oS0p0emkycXFXa2tRVFdWb0FiWVlpWEJ6NXRJZlAzMzhvU0lGWGpwN24yY1FJOQpsY1BNL0tRU05YcmJsOFhOb3poRG9SNzVGM0ZGUUFZQTB4dkZhbjN4VmVtV2xYRHhjbXBRV01lWXBSbWQrbFlyClBqVjFLUUtCZ1FDYzVRNlJkQU9HS2NLbTVxSXBCMXI2OUdjc1pTWXZhYzg4WTdlanN1VTV6YXhxdG1nM2ZGNTQKTUxnNnN2NmtXVEpMS0ZKZ0RPd2dLQUFCdmpKWHpReWZXTEROb3h0dDRFRzBHN0lKS1cwZVR5azZNTmZzOUgvcwpFbGtBVE0xWG95bDU3TXFyN1ZYVWxtNW9GbzVQZE9OcHZsUDkrRVJGUzYxSUQ0bC9McXJxRFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRWDhrSVBBQ0pXeitRRlZIVUlOcm9FekFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV4TVRBeU1UVTBNakV4V2hjTk1qZ3hNVEF4TVRVMApNakV4V2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQ3JFYmcvOHZGalgyQXcrREY0My9KTkc0VFhuRDJoY2xrVGFiR3A1UXRYYmpnN1pMNy8KeHdNdW56M3BpNlZENkVrME9sbmVNK0EyNUxIVlZnRzJHUktrQ2lMOVpEakdJSkordXhWZmZSZDVYc0hRYzVzWgo4SzZEaG5NZGRJWWpoTzJhakNvSGdNUVYwOXNPODZtN0tCQmdLbTZmeDFPQVlFbHlXM0dwRWVVMndpMnFXK1pUCmJDQ045NWJ6bFNqd3grNFlZZUtoOEVKU2NnUk5IUi90Qis1OFlmTzIvaGRLaC9TSnJxek5XLzBQRDhVL1Y3KzkKdzR3eXMwMlFKUlZNb3hLVU9JQWozcFByMGhvTUU4by9TNG9UWjZJSUo1R0R1VWFnbnNVL3FCbjJJMnUzQkR4SgpoNk5XMGd6TjY5MTl2TVZmSnJxdXo4V1hJMGwzUkxKTklhOUZBZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVU2YjRabzdCcjd1TWlTaUtsQlJ1eWxrYmMxWHd3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFHbTIzSjhvL2ZtTmRwME1GWjRRZ0M1S2hlc1BTQ2xwSm9jOENWZjE2eTdFWHkrNGRqMzYzKzdMClpSNFlRc3VGMUhDbDZxRG8xbVVEMC9GdDdRZWtDREV2U2VKOUEvd29SbUlENmR1VG9uSDBQUU1lM1dOUUYxZlgKSE5zWmt5WE1pejBWelFJMWFhSmU5WHNkMzgrM3RqT011UlRtOW9ZQzJsUHk2QVpsT1pidUNhVTE1UU03bkZzcgpHYVZpYlJTWVlMUHc3cExFdS90ZHAzSXlra1lSeU9WRWZLaUJ6QjRsZlE0Z1FCUXBpMkc0bGYvak50V2g0QTBOCmVGQ0JLTEZZZXE1ZjQwRksySEQ3NHBUMWJ4cURCMm9LdkNOUS9jUnl3d3o4RGRKRVpIbFVENXFtc2dQT3Z0b2oKcG94R2lMZDl1WlFYcHNWSWJnalY0c29sNTdQcjZvUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTRENDQWpDZ0F3SUJBZ0lRT216QVRKQXFLRndVY0FoeTRMK1B1akFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV4TVRBeU1UVTBNakV4V2hjTk1qWXhNVEF5TVRVMApNakV4V2pBak1TRXdId1lEVlFRRERCZ3FMbWgxWW1Kc1pTMXlaV3hoZVM1amFXeHBkVzB1YVc4d2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEdGQya2YxZ2cxR3dnOXNHM2s1emx4ZkVrZVNyaDIKTVNUYXIzTXB5SUxqd2lnSXc0WDhuZTMxSVR0emtOdFpBNmpaeXAzT2EvekJkNUFXUWp4c1dYRXdNUU10d0xMcQpKcmlubVdVNzNRV0h2dUJneUJuRjdkTXhxRWtXaGJaeWo0ZEx0M05Xc3NqUUEwZGdFMmlEdW5CaUdsUlJhbGlhCmJvT1piZzA3ejlrd1dsVDIvN01SSG5RV1I2Z2R4YVBvZkF5ZTBCTUxTTEdxOUdJcEVKVENvSnZxVnNHNzR1aW8KRGxZeDF2Z1BLNlV3a042RU4xaDFiM0xZL3Z3Sm5halhVa1oxVzFqM0p6Tmw0NVoxL2VxRjdSeGlKL0dZeEVmbgpHK2REYm4vMDVpUGNKcXNOOWVHazhqYjFBU1hwZng2eTRFUG9JY09DUlhSZnBaWkI1UktwU3FvM0FnTUJBQUdqCmdZWXdnWU13RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUI4R0ExVWRJd1FZTUJhQUZPbStHYU93YSs3aklrb2lwUVVic3BaRwozTlY4TUNNR0ExVWRFUVFjTUJxQ0dDb3VhSFZpWW14bExYSmxiR0Y1TG1OcGJHbDFiUzVwYnpBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFURVJBUUZuTVdLekdhK1hIeEt1NktqTTlOeXZ0YnFPZTMrbTFjLzNHUEY2TmJUdloKWTJYQzdyZDNkUzNFZFc0QnQxQjNPbG4xSS8yZVRHeEhyemsyMmNyaWFuUnNoZ3VQdU5OOG1qZ0E2T3VXVGFQNApaeXRla0xHRWdEVGJqdlY5ZVRtOWxaNGROLzgzVlFYL1JHSUE1aG9sN0FHZmtUdktJN2RMQzlqMUJHbjlSR05yCmhsYzMwSUhhc0FGeHFKdjJLbFduUXdvOVlNOUZOUHlpN0lmZXV0eVFyRVpWVVRDQW5ZOU5vd2tpd1MxdVhaRlYKZ3hDVVVpdVh5bFBPNTFCUTM3VVBYdHZjTS9IdW4yR1hyQlpLRGpVdGNHMGtGL09ib1hNYTNubDFwNHZQaTFWWgpTUDEvbllaZlhLd2NWSlplUllwbHRBQzFVaUp2UnJRSlZPVTVwdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBN1hkcEg5WUlOUnNJUGJCdDVPYzVjWHhKSGtxNGRqRWsycTl6S2NpQzQ4SW9DTU9GCi9KM3Q5U0U3YzVEYldRT28yY3Fkem12OHdYZVFGa0k4YkZseE1ERURMY0N5NmlhNHA1bGxPOTBGaDc3Z1lNZ1oKeGUzVE1haEpGb1cyY28rSFM3ZHpWckxJMEFOSFlCTm9nN3B3WWhwVVVXcFltbTZEbVc0Tk84L1pNRnBVOXYregpFUjUwRmtlb0hjV2o2SHdNbnRBVEMwaXhxdlJpS1JDVXdxQ2I2bGJCdStMb3FBNVdNZGI0RHl1bE1KRGVoRGRZCmRXOXkyUDc4Q1oybzExSkdkVnRZOXljelplT1dkZjNxaGUwY1lpZnhtTVJINXh2blEyNS85T1lqM0NhckRmWGgKcFBJMjlRRWw2WDhlc3VCRDZDSERna1YwWDZXV1FlVVNxVXFxTndJREFRQUJBb0lCQUFudmN4Q0g3ZlA2MjQ5cApNRS9oZEwvUXlXWmhEZkt6LzZ5K3BuemJETTdtc3JJYkxDSHpvWjhkOHRUVS9MaHV0TVBYL0Y1RW1tQ2wxZnQ0CmJmckNpei9PN1NrZTVOMXpIVXExMmt4MDVPUlhFaUE2ZndtTzk4VWVHMkM3MjNSVG1QK0wvMkZqUFkrbWMzZ0wKbDlYYkdSU2hzV0Z1cDZKZWVWY1VDYTIwOW90VlI1TEhFR01KNWZPVjBmWHFDbnQ4RE5YdElLemwzb3JPQ25hWgpIMTFISjhGSks5b3M1NDE4dUVmUFZrYWJDUm9UQzRWVHpvQmpNUkdXdUlZOVZzazA4NlNndUhTckM1NjFFN1dRCmhBbjQzaGJCOUE5U3pjUnVVM1hSZ1hlUzFPVTAyNTBiTjVxNXNKcUtsL3NsaTR0WmRBUmkydTV2VXRCQndXcVEKUTVmVE5QRUNnWUVBK09la1pTb2k2N2lsRlRIRFBodzBkU09SVzQ4UnRyb2E0Q1ZZdnc4Rmh0MEo1Wm5sd3BSdwpwYU1EM2FXbHowUHhCSXVLaWIxRkZ0bTZsL0NIVmYrRHl4bGRVSlJjVnJBWW5pN3BJK1Rycno1bVg3eEUzclZiCnJLZ1FFbXlndmZmK3NzNjhRQXcxeEFnTnRoeUlvbks3ampQMnMzdjVIQTJmZlVIMWZUSWJIcVVDZ1lFQTlEeE0KUWZFNXptK1UvRUoyZ09yYVUrT2dzUEtNTGRxVExrMVRrU0xZYXhkTUFibTV4REkybzUvYU1OTVdNNDZBVlN6VgpoNDhkVnVINGtmRlQyTnhQL1Z2MVY1MUlzQnNlbFhDeko5MzY0cC9zb0g1T3dyVUNoc2I0Nm9tTTNyTGlQcVZKClAvSGVycWZ3QnVLcXpCWFp0Smt5eURPbUN3NHdnOGJUN3hYVHlxc0NnWUJaejBNN0dYUVdONzZoSWg1L3A2K3AKNEphUFFkVXphSDFRQ1VtM1RwVkE3enFsOU55NVU5UTlmODlpUjJYSG5vMDFoYUFNU1JYSHcvSVc1cnYrWkw3SwpKckhMNUd4WS94c3k0RnhSRGtXWUt0ekhpR2dWTDcwUFZHalFMUS9tMjdlMER2SlA3ZGZzanJkYjBYbmZtNlJmCkVCTGcra2VOUHNFZ2NnOUJDRFpPM1FLQmdFUTlRTFUvOS8zRTBXUzJFVFF0NmpoOEpoNnFkaDR0cnVmRjlTNWQKQlFqTzVvNm8zTTJEbGg2YmdEUWFGbDdyVnRIMWgrZXJSZkJMak04Q0ZZSkc5QlovQmdxbnlISmo4V1NocTN6ZApHY2NPRmVnMXdqM0dvMkVTNE9OdThTd2I0UGpONTZ4MUlObTkxR09vR3o2UWNGWjBZMnJxZTE4bFpNcTgxK1E2ClBnV25Bb0dBY051S3U5a2tzcHBkL0ptQU5hY1lza1dLaUw0S21sRjFuQ1YwYndwaDI2QUN5RXNUb1RjL1pXemoKOW1pWUk5UGhZaTUrc1p0dzNKSFV2NE5WWE80Q2sxQ3p1RFptVWRBbHV2NUVUVTRpSk55U25vRk42VnV6NXNmQwo4SmJFV2I1anh4TFp1Q0puWWk1azduMHpKVWtTRndodlRSWkFWRXFtTXhPVjl1bDhUUjQ9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- # Source: cilium/templates/hubble/tls-helm/server-secret.yaml apiVersion: v1 @@ -82,9 +83,9 @@ cluster: namespace: kube-system type: kubernetes.io/tls data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQU9tQ1Qzc0V4S2wydjNuQzZuVUYvSmt3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkxTURVd01qRTVNRFl4TUZvWERUSTRNRFV3TVRFNQpNRFl4TUZvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF2MDkrMlpuaWtVQXQzWm9CTlByY1h6NGFTTXprTzVFY255c1hpWUlFeXE4YkdJNlQKeXBvbXdiRDhQZExuY2xPenVRNXg2eXNQWDZnNjRyY1dUczNZc0RtZUp6WWdBNTRZMFBZTUZ6UWs1TUhMS1ZTZQpRNHZNbHFSRHI4bmRDVDVia3JsWGltZXdxT2pXRWhDRUNud091WmZqZklYdmRuYWRRMmh3TzNKemVRdEZOeHA5CnhsU3BDbGxVT25JVHZVTEJ4VXhGVGNnSE11ekNpSGFZN2dVY2Q0T1NNMnVzWXc2aHdYKzNwQVl3citmUmR1N2EKMXFKUzNmU2RHcHdycVBmR01TVUNod0tSTFpYQ2VpSzAzd0pTN3I5Q1k2aTZUdXlEY1BhNlQxUXlMaHpHV0VMTQo0cWhWdnNSRFNBelpKUWUrTjR4VU9nbFlrbUNJNFF0Y1NvWlFVUUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGTXQxb2lwUjVCVFNEMEVERkZjdzVoYUh6cFVFTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQlFEcXNQV1FDcDRSTkc5OWJpeWFFaFNvc0lsdmFwY0V2R2JoRk5ieUxOYlBaYkwxOTdXRUQwCldjemJ0TXN1MWFSOVN2Umg4Y3MrUEw5SUluK2grYWJUVzEvakVqSFlNS01qU0Z0Z1JMS0N0aDBmVkc0T0puRzkKV2hubGZuTUl2T3I4Z3pnWU0zZldaRHJSeG82MXBQQjhJN0RWQk9FWXZMdDI2SFVOTGdxTkg0bStPRzdVeEVHMwpwb0xQYnNRNXZUUGQ4V2UyYjNZL092bnloQytVUFZaN292L0d1ZnRlRXFQTEkzQjRHaDRsUmZGYk9ZdmxQRnlHClZ2SzNMTXR1Zmw4aXRXUXZtUHdJQkEzYW92YXFYQUZhMnhUbmcyb2NTV3Y1dGRWb0tLMmd2cU5VK215WFZ6L0sKTGQ2VTZKSFROSHhTWlBVMU1kMHpFSnRZbEI0ZWliUFEKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWakNDQWo2Z0F3SUJBZ0lRTFlYSzJVbmxIS3NvTDdCZS95Y1BNVEFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV3TlRBeU1Ua3dOakV4V2hjTk1qWXdOVEF5TVRrdwpOakV4V2pBcU1TZ3dKZ1lEVlFRRERCOHFMbVJsWm1GMWJIUXVhSFZpWW14bExXZHljR011WTJsc2FYVnRMbWx2Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBNWhNQlNtNVNLeWhaRG9udXRoMmoKeHVYOXA2YkdhZUV6L2gvOEthSSthSTJuTHp5L1djeWVKWER6VmMwbjMzQ1JwSFhVYVJuMkNKSTc4YTl2V08zNwpTaFhMMmx3aG5PZldvVmdDbmdNam5yVFdnVTRxRUlkT25jOTNhRWpUQnp3ZWpnL1pON05iZjBvMWhBOXBWUjdaCkFRUWVtZkJyTHBqN0dra25FalBpRWlVN21PcnlucU9ReWV6ZVkyMnQzbXZBN3drSEJjcnVwSC9QQ0hGUE1IUlUKSnoxL04xbFlNbnFxbVJZMGJqMlNrMC9ObU5NN0FKblI0K0FxTnZIQWg1VGw0U1lBME16a0ptekFXemxwbTFUYgpKR2ZPbkgzNTNYb0s3dm93TlNuRWt3QVJpRFZZWDVwenBqamFSNStkOTNjVUE1bkp3cFV2QmdtQy9iMU9VVFJoCmp3SURBUUFCbzRHTk1JR0tNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0QKQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JUTGRhSXFVZVFVMGc5QgpBeFJYTU9ZV2g4NlZCREFxQmdOVkhSRUVJekFoZ2g4cUxtUmxabUYxYkhRdWFIVmlZbXhsTFdkeWNHTXVZMmxzCmFYVnRMbWx2TUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDQjBjQXRPbXh4SFdQcVhyWjRhQUVSM25hT1gyd2EKODVsVHVzZ0RpbTcwbXVhK1pqRXAxU2psME40S2ZtQlJZQXJqcFlvR2xSRTVmOGMwaU1RRzlxMkNpUXZYVHFxLwpTRVcyaS9EaDZGc1BkN1VpUjBqcVNuTGJLRmp6alBNUm5wdUY0VHVBMk9MMmVaQW4rWDE5MWVEQXRQUWRPWXloCjFTbWc4eEkzem54OVEvU3BYb3BsZFFBaFRoN1F2RGJvZnVNcnFvbE9YUytFT2kwaHVZRnVzUnVSMEwyTFZXcEcKOTNoY1ptY1pBcVFlcnprL05hM2QyTi9zOUVzNEVQVnZTcWZiYVpveG9LZm83TWJvTlRWQ3hUdWFxZnQwYTZsQwp0UnhjQ3JWUVJrUDJjWVlMdHIvUHEyUnRYWnRodXhOWVh1TW5BbU9yZmVtYzZ2d3U3U0crZTYyMgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBNWhNQlNtNVNLeWhaRG9udXRoMmp4dVg5cDZiR2FlRXovaC84S2FJK2FJMm5MenkvCldjeWVKWER6VmMwbjMzQ1JwSFhVYVJuMkNKSTc4YTl2V08zN1NoWEwybHdobk9mV29WZ0NuZ01qbnJUV2dVNHEKRUlkT25jOTNhRWpUQnp3ZWpnL1pON05iZjBvMWhBOXBWUjdaQVFRZW1mQnJMcGo3R2trbkVqUGlFaVU3bU9yeQpucU9ReWV6ZVkyMnQzbXZBN3drSEJjcnVwSC9QQ0hGUE1IUlVKejEvTjFsWU1ucXFtUlkwYmoyU2swL05tTk03CkFKblI0K0FxTnZIQWg1VGw0U1lBME16a0ptekFXemxwbTFUYkpHZk9uSDM1M1hvSzd2b3dOU25Fa3dBUmlEVlkKWDVwenBqamFSNStkOTNjVUE1bkp3cFV2QmdtQy9iMU9VVFJoandJREFRQUJBb0lCQVFERFpZS2tIdnVqOFpsbwo4cFlNanpHbjIyNUlzeWd4aGZTdEw2YnVDUCt0dGhnMTB3YkVFamFCbitMWmpPbi9KdEJhZDBQVm14bkwvNzN2CkxjcUlJVjFZZHhoeE0rdk1JVTIwSzFYVnN0N09pOURkY20vaEo3a0o1OGdHaGtyTEN6RDcvOVBBTFpCWWs4TE4KakhVdHVJd2VBOHlsZW56Y3owbjY4Z08vdnRhU0J2YUhva3llK2VxY1Z4VGJEU01rK0QrZkkvS29MbmVJemJuQwppVHJKT3lWVWJYaFA4TjRRQ1BCSEh2VFB6MGcrOVo0WXFRVGJ4U3RnRXpjU1FjYitLeFlIQm5VVlJaWDFHTzRsCll5dUVaSktOcWMwejhUVXA2NEpPY3BBYkR5anFJSUswcUQ1WkU2dnpMVmFXc3hBLy8zRlVUSEVDbUFhNEp0NkkKbG4yYmhZRHBBb0dCQVB3RlUvdS93NVYzRDB1dTJMaVRha1pRS1daU2FQZkt5Qmp1KzRoUnh1U3FZVTZHdnNJcQpmQit5Tjl5UG92U3NDRDBteVJKak5GZTdGdFpxdDIyU1A4UXMxOGR1d3FiTnV5cDdwSTB3THlXNWhwUUMyaFZ5CnNpVm9FMjJrVlNUc1ZXU3IyYjQwWnZOcVhRV3BBVkZ2empRSWJ6SVM0WnNuLzV2eWtzdWs5eWhyQW9HQkFPbTAKOS9YdVdYeW5iOCtzeHRNSk1NM3hNMmw0Vi8ramhFVEYwdS9hY1JSQldvRjFhdUJIeGxGUkRmd0luNzJHQUlvYwpXelB5NVNxQ2dCU2xOUGdiSGRZYVZsUHVvZW9IZFg5T25FUThBd25TRnVvRTY0OW51Qml6VXNlaTFOOUR0NUtrCnFkbzI1SkhqSEh4amNaQ29EenZlcmJQZkc1SEU2TVVHS3BaMW80UnRBb0dCQUxoMnFlY05rSG01SUkvejFac2MKQTJDZDBmK2IrRXJPdVRGTzB2c1BhRFg4NDZaWGlBNlVqQytqQWJKRnpDK3NMNGVhK1BlbGR5MXp1aDZORTk5MgplWWY4anAvaDJVWEFOZXU5Zms3OVlyVUpHNUVBbVdHemh1Tk1UMVFrUVZINlRmS1d1cFMyeEZnTWxUUE1aVE9YClUyWFFlcHM3S0xpcFNUVjdFcWxPQUw0ckFvR0JBTnFzS3FzaGR2Zk5EekNwUUd3c0dFOUtGY25sQWFtL3pUNHcKUDV1UHIraTg4YnRhSzBOcHhTVkhDeWU4eGdLbWhKQzEwWng4OUhKZkl3cXVQaTY3NktIeGlMOEY5Tmd1WElGZgpBNVpROUtMV3dmdjcySkVaQWtlU1dxMVRMWTB1Sm5EK3c3TGJVK2t4TVBFdWR3OWNRTXpMSVlyQkFtSFZkZHNNClZ3THJWYkhOQW9HQUJscFRUOFRMbVFmRXNGekttMEMwQ3JlY1g2UmNRUURjZklnK0tjSzkyNm9TMm5QS2J2NHoKcDB6cDl2US8rT0NyWjg1N3ErT1l5ZCtzNDlPMDc4OVJqbm1KRzAxQzNwaTlHQ3Y5eUF2aG80WVFna3pTTTFzUgo0VjI4K2hNYVlkWkdRT3pVVjZabUV1cXNLMUdLNjkzZldpTS84TkMydXZXcXlhZFhLUGlpREFZPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRWDhrSVBBQ0pXeitRRlZIVUlOcm9FekFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV4TVRBeU1UVTBNakV4V2hjTk1qZ3hNVEF4TVRVMApNakV4V2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQ3JFYmcvOHZGalgyQXcrREY0My9KTkc0VFhuRDJoY2xrVGFiR3A1UXRYYmpnN1pMNy8KeHdNdW56M3BpNlZENkVrME9sbmVNK0EyNUxIVlZnRzJHUktrQ2lMOVpEakdJSkordXhWZmZSZDVYc0hRYzVzWgo4SzZEaG5NZGRJWWpoTzJhakNvSGdNUVYwOXNPODZtN0tCQmdLbTZmeDFPQVlFbHlXM0dwRWVVMndpMnFXK1pUCmJDQ045NWJ6bFNqd3grNFlZZUtoOEVKU2NnUk5IUi90Qis1OFlmTzIvaGRLaC9TSnJxek5XLzBQRDhVL1Y3KzkKdzR3eXMwMlFKUlZNb3hLVU9JQWozcFByMGhvTUU4by9TNG9UWjZJSUo1R0R1VWFnbnNVL3FCbjJJMnUzQkR4SgpoNk5XMGd6TjY5MTl2TVZmSnJxdXo4V1hJMGwzUkxKTklhOUZBZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVU2YjRabzdCcjd1TWlTaUtsQlJ1eWxrYmMxWHd3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFHbTIzSjhvL2ZtTmRwME1GWjRRZ0M1S2hlc1BTQ2xwSm9jOENWZjE2eTdFWHkrNGRqMzYzKzdMClpSNFlRc3VGMUhDbDZxRG8xbVVEMC9GdDdRZWtDREV2U2VKOUEvd29SbUlENmR1VG9uSDBQUU1lM1dOUUYxZlgKSE5zWmt5WE1pejBWelFJMWFhSmU5WHNkMzgrM3RqT011UlRtOW9ZQzJsUHk2QVpsT1pidUNhVTE1UU03bkZzcgpHYVZpYlJTWVlMUHc3cExFdS90ZHAzSXlra1lSeU9WRWZLaUJ6QjRsZlE0Z1FCUXBpMkc0bGYvak50V2g0QTBOCmVGQ0JLTEZZZXE1ZjQwRksySEQ3NHBUMWJ4cURCMm9LdkNOUS9jUnl3d3o4RGRKRVpIbFVENXFtc2dQT3Z0b2oKcG94R2lMZDl1WlFYcHNWSWJnalY0c29sNTdQcjZvUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWekNDQWorZ0F3SUJBZ0lSQU0rYUc5QjRwYmF6dXM2SWNaRCtuaEV3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkxTVRFd01qRTFOREl4TVZvWERUSTJNVEV3TWpFMQpOREl4TVZvd0tqRW9NQ1lHQTFVRUF3d2ZLaTVrWldaaGRXeDBMbWgxWW1Kc1pTMW5jbkJqTG1OcGJHbDFiUzVwCmJ6Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU11NTBGYzg0aUE2MjcvTnByNjkKRmdyYlpTMTAvNXF1NngzWWUvVWpFQUJFSGZ3aExBdTlIR1ZiaWJSb3lXT0JHZ2MvTmxvTUhjbUZEYzQ2dzlVNApSOURWdGhmOFR4TVVUeGtDZlVTMGJMMEExNGlDMVNKT01zeldyNjJ0bDVnNTllN0xKTEpRS0IxZHB4UjZUaHhOCkRBVFhIcGtpQzJ0V0R5OU5NZ0tETnBIa2RTdm9nYlZuVUxOdUY4NWtsQjc5SVB0Y1dTakNYMWZVUkVqcE9pZEsKYi81K2gzeDkxMXUySDZJZEpacDZvM0dXM0R1dlkxdHl4VTVYbHNqTmlzZkZJSVRDaTlETmxmUnM1SFgzU3pvSQpvQnhBbDZxUEZKM040OVNTWkZFRncyVVBQVThPMktxaXo4cnBYa2thU0RZbS95SUI1RGs5cGRqQUpoM3dRQ3dOCi9qRUNBd0VBQWFPQmpUQ0JpakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUgKQXdFR0NDc0dBUVVGQndNQ01Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVTZiNFpvN0JyN3VNaQpTaUtsQlJ1eWxrYmMxWHd3S2dZRFZSMFJCQ013SVlJZktpNWtaV1poZFd4MExtaDFZbUpzWlMxbmNuQmpMbU5wCmJHbDFiUzVwYnpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUNLaFk4b3NGTzV4UTNzSURzbnJQR3NoTHZQOWcKRXlsUlpQUU9xUnhKNUZKT0E4VS9Ibmt2MWFGUGNYNzJUSExYQW54S0xQWktDa1QrSTM1cUNSVHM1R2ZqNkRNNgpoaFVrUGJKS0pHSGxvM1BTcG1zcEZwT0R4VVVvaTUrbW1aZWxFZ1FGbldMQUxpWTNwWjRWRGp1UWhoVG0wekdHCjJNZUtOektPQXZ2ZDhkcVR6c3RuREp1MmdRTU1GZDh1RlA1N3JDdHY2QWZRRDBRMGtCOTZJMk5LT0xSbURDb0IKcnEvNXc1cTZZanZPaWhENzZITjhqS0dZcWNtVTlKSUd0VWV6Q0RNdFhEYmpWT3o5VDQ2T1lRcGlJTDFCUy9QUgpKanQ2Z3kyZ2ZLSk1sdXZKTm5jSW1IZkxMekZHcTFTZVQyVzJFNnJZbzlvdUgwTDFTSHcxYkQ1VnRRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeTduUVZ6emlJRHJidjgybXZyMFdDdHRsTFhUL21xN3JIZGg3OVNNUUFFUWQvQ0VzCkM3MGNaVnVKdEdqSlk0RWFCejgyV2d3ZHlZVU56anJEMVRoSDBOVzJGL3hQRXhSUEdRSjlSTFJzdlFEWGlJTFYKSWs0eXpOYXZyYTJYbURuMTdzc2tzbEFvSFYybkZIcE9IRTBNQk5jZW1TSUxhMVlQTDAweUFvTTJrZVIxSytpQgp0V2RRczI0WHptU1VIdjBnKzF4WktNSmZWOVJFU09rNkowcHYvbjZIZkgzWFc3WWZvaDBsbW5xamNaYmNPNjlqClczTEZUbGVXeU0yS3g4VWdoTUtMME0yVjlHemtkZmRMT2dpZ0hFQ1hxbzhVbmMzajFKSmtVUVhEWlE4OVR3N1kKcXFMUHl1bGVTUnBJTmliL0lnSGtPVDJsMk1BbUhmQkFMQTMrTVFJREFRQUJBb0lCQVFDYm1KRmM3NjB0UEliMQptUllQZTg5SC80VHBFUURmblZVSmVIeEVIOEZxMHB1c0k1SEdiV3N3cHBjbjZSaFhIUlZLRDZkdFl1K2xLREFCCklMVE5OcXp5L1NhVWJ5bmR3cGNlM04zY0NZazdXVmRFZGRoZTJTYkhkL2k1UjJvTzQ4WEgyZk52RlBWdWFFYmgKeHYrOWNjTUtOMXF4VG1VMlY0WkZkRW9MelRkeWVKT0N0NDk2UTl4dlU2eFB5SjB5czVDdmxrZ29yY2VzQ1QrOQpKZVFHSDVkd0FScDlVaFFqOXQ2UUlaUGJTMHd5VDRrdnR5NXJ0czlES0xyN21IU1haQndkellqZisyOXRKUE12Cm50UnFKaHVYMnk4bmZVQ3pSc0dIMEl6eURXUElzRDRFKzVSd2FFTis4ZGZNSHZtcWpucVlFa0pIU3RhSlRZSnkKL2pIRENXelpBb0dCQU9LK0RDTnAyZ01OK3crY3YycHUxeHA4elRjVVM2SzlDalBkSlRMVEJJVFhhOThkTXJkZwp0bGIxd0FsUU9PeTNZNTNxb1Y5ZXhIeVBvWUIvby9UT0pDdHh4ZHFpVDZEb2lHYSs3MlhlaDVpQWdmR2FXTlJGCjVUNCs3MnFkU09lQjZab09lZVJaYjk1LzJlMGJNeHdUZkpIT0pTOTVFMUN4ZE1icENOQkh5L3kzQW9HQkFPWUQKZHNpYkE0dmlKYnZSTG5ETEJCNlpIbWF3MnNZcmJxWXVWNy9KcnRseXlPb25DQVA1THZlanVETUxodC9VUzZ3NApacTN2dnI5dWdZK0hKSDJwWTZYQ1lueTRRNkorNzRiRHdXMnhzMk5mVy9iOXlaa3pHUGw0SUN5RU5sbGE4Q3JYClRCdFIrNmZTbTRpM1lFNEVIdy9hUkNaUWxRMWJFcm1vb1pISXVjUlhBb0dBZXBpOVlXeDdWMGw0NU9FZzBrQnEKQjhWUkJDWHlHMlRSSG1mRkZDenFkWlV3bXl0alg2bG9EYTdFallTVnN0QVppYW55Wk9tTm5iZmZYK1lqMVZxYwpUZTB2U0Y2WVpXMDFTekNUcW1YZXRRTk92ejV3Sng0L3JCOUZQa1VheFNvR0Q2a2lHT2lPeHlRanhjTCtLSUVVCnlwVkduOXQ4S1JZNkNNNjVXRHhwdkJNQ2dZQUtNdmtmYUJBK01hYnVyeFhhRm9aMlBOL21PYzFab0M5bDJ3UTEKRXVKWDdna09xUEJvRExLU2RJWUViV3hybkdSR25MR2c0TkthZG5IMFJVL082cVhxZ2JZUVJiTnFEeXJiMU81TQp5T1psYjZNS1RyS1R3bnBIQlphWG9yMHVOU1FWSWpyVHMwenZZaDFYY0pvcW0zQXRLY1ovMUc3bmlyUkgyenhlCjFJRzRQUUtCZ0dIRnFPMkY4Y0pqQUpwbXVhQ0I2UnVLanUwaXd0RzBweGNxanBxMWQyeDZzL2ROMmNmQXZZRU8KY24xNE1VMmk5SXJZRi9EOGw5Qms0bldaaE5ObURFelZTTGNDTFhUd1g5dHFVOWtzODJXZE94aVNqOTRnQzMzbgpuT29kdHpXVWE4bHJ4cGxvZGFVNkU0Y2c2WFhpWG5PY3ZubDgwd0RxN21oYUJrL3VkNElLCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- # Source: cilium/templates/cilium-configmap.yaml apiVersion: v1 @@ -118,6 +119,7 @@ cluster: # If you want to run cilium in debug mode change this value to true debug: "false" debug-verbose: "" + metrics-sampling-interval: "5m" # The agent can be put into the following three policy enforcement modes # default, always and never. # https://docs.cilium.io/en/latest/security/policy/intro/#policy-enforcement-modes @@ -166,6 +168,9 @@ cluster: # bpf-policy-map-max specifies the maximum number of entries in endpoint # policy map (per endpoint) bpf-policy-map-max: "16384" + # bpf-policy-stats-map-max specifies the maximum number of entries in global + # policy stats map + bpf-policy-stats-map-max: "65536" # bpf-lb-map-max specifies the maximum number of entries in bpf lb service, # backend and affinity maps. bpf-lb-map-max: "65536" @@ -197,7 +202,7 @@ cluster: preallocate-bpf-maps: "false" # Name of the cluster. Only relevant when building a mesh of clusters. - cluster-name: default + cluster-name: "default" # Unique ID of the cluster. Must be unique across all conneted clusters and # in the range of 1 and 255. Only relevant when building a mesh of clusters. cluster-id: "0" @@ -216,7 +221,6 @@ cluster: # Enables L7 proxy for L7 policy enforcement and visibility enable-l7-proxy: "true" - enable-ipv4-masquerade: "true" enable-ipv4-big-tcp: "false" enable-ipv6-big-tcp: "false" @@ -231,8 +235,8 @@ cluster: auto-direct-node-routes: "false" direct-routing-skip-unreachable: "false" - enable-local-redirect-policy: "false" - enable-runtime-device-detection: "true" + + kube-proxy-replacement: "true" kube-proxy-replacement-healthz-bind-address: "" @@ -243,10 +247,8 @@ cluster: node-port-bind-protection: "true" enable-auto-protect-node-port-range: "true" bpf-lb-acceleration: "disabled" - enable-experimental-lb: "false" enable-svc-source-range-check: "true" - enable-l2-neigh-discovery: "true" - arping-refresh-period: "30s" + enable-l2-neigh-discovery: "false" k8s-require-ipv4-pod-cidr: "false" k8s-require-ipv6-pod-cidr: "false" enable-k8s-networkpolicy: "true" @@ -266,8 +268,7 @@ cluster: enable-hubble: "true" # UNIX domain socket for Hubble server to listen to. hubble-socket-path: "/var/run/cilium/hubble.sock" - hubble-export-file-max-size-mb: "10" - hubble-export-file-max-backups: "5" + hubble-network-policy-correlation-enabled: "true" # An additional address for Hubble server to listen to (e.g. ":4244"). hubble-listen-address: ":4244" hubble-disable-tls: "false" @@ -289,7 +290,8 @@ cluster: procfs: "/host/proc" bpf-root: "/sys/fs/bpf" cgroup-root: "/sys/fs/cgroup" - enable-k8s-terminating-endpoint: "true" + + identity-management-mode: "agent" enable-sctp: "false" remove-cilium-node-taints: "true" set-cilium-node-taints: "true" @@ -304,6 +306,7 @@ cluster: tofqdns-idle-connection-grace-period: "0s" tofqdns-max-deferred-connection-deletes: "10000" tofqdns-proxy-response-max-delay: "100ms" + tofqdns-preallocate-identities: "true" agent-not-ready-taint-key: "node.cilium.io/agent-not-ready" mesh-auth-enabled: "true" @@ -328,6 +331,7 @@ cluster: max-connected-clusters: "255" clustermesh-enable-endpoint-sync: "false" clustermesh-enable-mcs-api: "false" + policy-default-local-cluster: "false" nat-map-stats-entries: "32" nat-map-stats-interval: "30s" @@ -348,7 +352,7 @@ cluster: data: # Keep the key name as bootstrap-config.json to avoid breaking changes bootstrap-config.json: | - {"admin":{"address":{"pipe":{"path":"/var/run/cilium/envoy/sockets/admin.sock"}}},"applicationLogConfig":{"logFormat":{"textFormat":"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"}},"bootstrapExtensions":[{"name":"envoy.bootstrap.internal_listener","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener"}}],"dynamicResources":{"cdsConfig":{"apiConfigSource":{"apiType":"GRPC","grpcServices":[{"envoyGrpc":{"clusterName":"xds-grpc-cilium"}}],"setNodeOnFirstMessageOnly":true,"transportApiVersion":"V3"},"initialFetchTimeout":"30s","resourceApiVersion":"V3"},"ldsConfig":{"apiConfigSource":{"apiType":"GRPC","grpcServices":[{"envoyGrpc":{"clusterName":"xds-grpc-cilium"}}],"setNodeOnFirstMessageOnly":true,"transportApiVersion":"V3"},"initialFetchTimeout":"30s","resourceApiVersion":"V3"}},"node":{"cluster":"ingress-cluster","id":"host~127.0.0.1~no-id~localdomain"},"overloadManager":{"resourceMonitors":[{"name":"envoy.resource_monitors.global_downstream_max_connections","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig","max_active_downstream_connections":"50000"}}]},"staticResources":{"clusters":[{"circuitBreakers":{"thresholds":[{"maxRetries":128}]},"cleanupInterval":"2.500s","connectTimeout":"2s","lbPolicy":"CLUSTER_PROVIDED","name":"ingress-cluster","type":"ORIGINAL_DST","typedExtensionProtocolOptions":{"envoy.extensions.upstreams.http.v3.HttpProtocolOptions":{"@type":"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions","commonHttpProtocolOptions":{"idleTimeout":"60s","maxConnectionDuration":"0s","maxRequestsPerConnection":0},"useDownstreamProtocolConfig":{}}}},{"circuitBreakers":{"thresholds":[{"maxRetries":128}]},"cleanupInterval":"2.500s","connectTimeout":"2s","lbPolicy":"CLUSTER_PROVIDED","name":"egress-cluster-tls","transportSocket":{"name":"cilium.tls_wrapper","typedConfig":{"@type":"type.googleapis.com/cilium.UpstreamTlsWrapperContext"}},"type":"ORIGINAL_DST","typedExtensionProtocolOptions":{"envoy.extensions.upstreams.http.v3.HttpProtocolOptions":{"@type":"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions","commonHttpProtocolOptions":{"idleTimeout":"60s","maxConnectionDuration":"0s","maxRequestsPerConnection":0},"upstreamHttpProtocolOptions":{},"useDownstreamProtocolConfig":{}}}},{"circuitBreakers":{"thresholds":[{"maxRetries":128}]},"cleanupInterval":"2.500s","connectTimeout":"2s","lbPolicy":"CLUSTER_PROVIDED","name":"egress-cluster","type":"ORIGINAL_DST","typedExtensionProtocolOptions":{"envoy.extensions.upstreams.http.v3.HttpProtocolOptions":{"@type":"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions","commonHttpProtocolOptions":{"idleTimeout":"60s","maxConnectionDuration":"0s","maxRequestsPerConnection":0},"useDownstreamProtocolConfig":{}}}},{"circuitBreakers":{"thresholds":[{"maxRetries":128}]},"cleanupInterval":"2.500s","connectTimeout":"2s","lbPolicy":"CLUSTER_PROVIDED","name":"ingress-cluster-tls","transportSocket":{"name":"cilium.tls_wrapper","typedConfig":{"@type":"type.googleapis.com/cilium.UpstreamTlsWrapperContext"}},"type":"ORIGINAL_DST","typedExtensionProtocolOptions":{"envoy.extensions.upstreams.http.v3.HttpProtocolOptions":{"@type":"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions","commonHttpProtocolOptions":{"idleTimeout":"60s","maxConnectionDuration":"0s","maxRequestsPerConnection":0},"upstreamHttpProtocolOptions":{},"useDownstreamProtocolConfig":{}}}},{"connectTimeout":"2s","loadAssignment":{"clusterName":"xds-grpc-cilium","endpoints":[{"lbEndpoints":[{"endpoint":{"address":{"pipe":{"path":"/var/run/cilium/envoy/sockets/xds.sock"}}}}]}]},"name":"xds-grpc-cilium","type":"STATIC","typedExtensionProtocolOptions":{"envoy.extensions.upstreams.http.v3.HttpProtocolOptions":{"@type":"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions","explicitHttpConfig":{"http2ProtocolOptions":{}}}}},{"connectTimeout":"2s","loadAssignment":{"clusterName":"/envoy-admin","endpoints":[{"lbEndpoints":[{"endpoint":{"address":{"pipe":{"path":"/var/run/cilium/envoy/sockets/admin.sock"}}}}]}]},"name":"/envoy-admin","type":"STATIC"}],"listeners":[{"address":{"socketAddress":{"address":"0.0.0.0","portValue":9964}},"filterChains":[{"filters":[{"name":"envoy.filters.network.http_connection_manager","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager","httpFilters":[{"name":"envoy.filters.http.router","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"}}],"internalAddressConfig":{"cidrRanges":[{"addressPrefix":"10.0.0.0","prefixLen":8},{"addressPrefix":"172.16.0.0","prefixLen":12},{"addressPrefix":"192.168.0.0","prefixLen":16},{"addressPrefix":"127.0.0.1","prefixLen":32}]},"routeConfig":{"virtualHosts":[{"domains":["*"],"name":"prometheus_metrics_route","routes":[{"match":{"prefix":"/metrics"},"name":"prometheus_metrics_route","route":{"cluster":"/envoy-admin","prefixRewrite":"/stats/prometheus"}}]}]},"statPrefix":"envoy-prometheus-metrics-listener","streamIdleTimeout":"0s"}}]}],"name":"envoy-prometheus-metrics-listener"},{"address":{"socketAddress":{"address":"127.0.0.1","portValue":9878}},"filterChains":[{"filters":[{"name":"envoy.filters.network.http_connection_manager","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager","httpFilters":[{"name":"envoy.filters.http.router","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"}}],"internalAddressConfig":{"cidrRanges":[{"addressPrefix":"10.0.0.0","prefixLen":8},{"addressPrefix":"172.16.0.0","prefixLen":12},{"addressPrefix":"192.168.0.0","prefixLen":16},{"addressPrefix":"127.0.0.1","prefixLen":32}]},"routeConfig":{"virtual_hosts":[{"domains":["*"],"name":"health","routes":[{"match":{"prefix":"/healthz"},"name":"health","route":{"cluster":"/envoy-admin","prefixRewrite":"/ready"}}]}]},"statPrefix":"envoy-health-listener","streamIdleTimeout":"0s"}}]}],"name":"envoy-health-listener"}]}} + {"admin":{"address":{"pipe":{"path":"/var/run/cilium/envoy/sockets/admin.sock"}}},"applicationLogConfig":{"logFormat":{"textFormat":"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"}},"bootstrapExtensions":[{"name":"envoy.bootstrap.internal_listener","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener"}}],"dynamicResources":{"cdsConfig":{"apiConfigSource":{"apiType":"GRPC","grpcServices":[{"envoyGrpc":{"clusterName":"xds-grpc-cilium"}}],"setNodeOnFirstMessageOnly":true,"transportApiVersion":"V3"},"initialFetchTimeout":"30s","resourceApiVersion":"V3"},"ldsConfig":{"apiConfigSource":{"apiType":"GRPC","grpcServices":[{"envoyGrpc":{"clusterName":"xds-grpc-cilium"}}],"setNodeOnFirstMessageOnly":true,"transportApiVersion":"V3"},"initialFetchTimeout":"30s","resourceApiVersion":"V3"}},"node":{"cluster":"ingress-cluster","id":"host~127.0.0.1~no-id~localdomain"},"overloadManager":{"resourceMonitors":[{"name":"envoy.resource_monitors.global_downstream_max_connections","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig","max_active_downstream_connections":"50000"}}]},"staticResources":{"clusters":[{"circuitBreakers":{"thresholds":[{"maxRetries":128}]},"cleanupInterval":"2.500s","connectTimeout":"2s","lbPolicy":"CLUSTER_PROVIDED","name":"ingress-cluster","type":"ORIGINAL_DST","typedExtensionProtocolOptions":{"envoy.extensions.upstreams.http.v3.HttpProtocolOptions":{"@type":"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions","commonHttpProtocolOptions":{"idleTimeout":"60s","maxConnectionDuration":"0s","maxRequestsPerConnection":0},"useDownstreamProtocolConfig":{}}}},{"circuitBreakers":{"thresholds":[{"maxRetries":128}]},"cleanupInterval":"2.500s","connectTimeout":"2s","lbPolicy":"CLUSTER_PROVIDED","name":"egress-cluster-tls","transportSocket":{"name":"cilium.tls_wrapper","typedConfig":{"@type":"type.googleapis.com/cilium.UpstreamTlsWrapperContext"}},"type":"ORIGINAL_DST","typedExtensionProtocolOptions":{"envoy.extensions.upstreams.http.v3.HttpProtocolOptions":{"@type":"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions","commonHttpProtocolOptions":{"idleTimeout":"60s","maxConnectionDuration":"0s","maxRequestsPerConnection":0},"upstreamHttpProtocolOptions":{},"useDownstreamProtocolConfig":{}}}},{"circuitBreakers":{"thresholds":[{"maxRetries":128}]},"cleanupInterval":"2.500s","connectTimeout":"2s","lbPolicy":"CLUSTER_PROVIDED","name":"egress-cluster","type":"ORIGINAL_DST","typedExtensionProtocolOptions":{"envoy.extensions.upstreams.http.v3.HttpProtocolOptions":{"@type":"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions","commonHttpProtocolOptions":{"idleTimeout":"60s","maxConnectionDuration":"0s","maxRequestsPerConnection":0},"useDownstreamProtocolConfig":{}}}},{"circuitBreakers":{"thresholds":[{"maxRetries":128}]},"cleanupInterval":"2.500s","connectTimeout":"2s","lbPolicy":"CLUSTER_PROVIDED","name":"ingress-cluster-tls","transportSocket":{"name":"cilium.tls_wrapper","typedConfig":{"@type":"type.googleapis.com/cilium.UpstreamTlsWrapperContext"}},"type":"ORIGINAL_DST","typedExtensionProtocolOptions":{"envoy.extensions.upstreams.http.v3.HttpProtocolOptions":{"@type":"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions","commonHttpProtocolOptions":{"idleTimeout":"60s","maxConnectionDuration":"0s","maxRequestsPerConnection":0},"upstreamHttpProtocolOptions":{},"useDownstreamProtocolConfig":{}}}},{"connectTimeout":"2s","loadAssignment":{"clusterName":"xds-grpc-cilium","endpoints":[{"lbEndpoints":[{"endpoint":{"address":{"pipe":{"path":"/var/run/cilium/envoy/sockets/xds.sock"}}}}]}]},"name":"xds-grpc-cilium","type":"STATIC","typedExtensionProtocolOptions":{"envoy.extensions.upstreams.http.v3.HttpProtocolOptions":{"@type":"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions","explicitHttpConfig":{"http2ProtocolOptions":{}}}}},{"connectTimeout":"2s","loadAssignment":{"clusterName":"/envoy-admin","endpoints":[{"lbEndpoints":[{"endpoint":{"address":{"pipe":{"path":"/var/run/cilium/envoy/sockets/admin.sock"}}}}]}]},"name":"/envoy-admin","type":"STATIC"}],"listeners":[{"address":{"socketAddress":{"address":"0.0.0.0","portValue":9964}},"filterChains":[{"filters":[{"name":"envoy.filters.network.http_connection_manager","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager","httpFilters":[{"name":"envoy.filters.http.router","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"}}],"internalAddressConfig":{"cidrRanges":[{"addressPrefix":"10.0.0.0","prefixLen":8},{"addressPrefix":"172.16.0.0","prefixLen":12},{"addressPrefix":"192.168.0.0","prefixLen":16},{"addressPrefix":"127.0.0.1","prefixLen":32}]},"routeConfig":{"virtualHosts":[{"domains":["*"],"name":"prometheus_metrics_route","routes":[{"match":{"prefix":"/metrics"},"name":"prometheus_metrics_route","route":{"cluster":"/envoy-admin","prefixRewrite":"/stats/prometheus"}}]}]},"statPrefix":"envoy-prometheus-metrics-listener","streamIdleTimeout":"300s"}}]}],"name":"envoy-prometheus-metrics-listener"},{"address":{"socketAddress":{"address":"127.0.0.1","portValue":9878}},"filterChains":[{"filters":[{"name":"envoy.filters.network.http_connection_manager","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager","httpFilters":[{"name":"envoy.filters.http.router","typedConfig":{"@type":"type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"}}],"internalAddressConfig":{"cidrRanges":[{"addressPrefix":"10.0.0.0","prefixLen":8},{"addressPrefix":"172.16.0.0","prefixLen":12},{"addressPrefix":"192.168.0.0","prefixLen":16},{"addressPrefix":"127.0.0.1","prefixLen":32}]},"routeConfig":{"virtual_hosts":[{"domains":["*"],"name":"health","routes":[{"match":{"prefix":"/healthz"},"name":"health","route":{"cluster":"/envoy-admin","prefixRewrite":"/ready"}}]}]},"statPrefix":"envoy-health-listener","streamIdleTimeout":"300s"}}]}],"name":"envoy-health-listener"}]}} --- # Source: cilium/templates/hubble-relay/configmap.yaml apiVersion: v1 @@ -379,7 +383,7 @@ cluster: name: hubble-ui-nginx namespace: kube-system data: - nginx.conf: "server {\n listen 8081;\n listen [::]:8081;\n server_name localhost;\n root /app;\n index index.html;\n client_max_body_size 1G;\n\n location / {\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n\n location /api {\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_pass http://127.0.0.1:8090;\n }\n location / {\n # double `/index.html` is required here \n try_files $uri $uri/ /index.html /index.html;\n }\n\n # Liveness probe\n location /healthz {\n access_log off;\n add_header Content-Type text/plain;\n return 200 'ok';\n }\n }\n}" + nginx.conf: "server {\n listen 8081;\n listen [::]:8081;\n server_name localhost;\n root /app;\n index index.html;\n client_max_body_size 1G;\n\n location / {\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n\n location /api {\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_pass http://127.0.0.1:8090;\n }\n location / {\n if ($http_user_agent ~* \"kube-probe\") { access_log off; }\n # double `/index.html` is required here\n try_files $uri $uri/ /index.html /index.html;\n }\n\n # Liveness probe\n location /healthz {\n access_log off;\n add_header Content-Type text/plain;\n return 200 'ok';\n }\n }\n}" --- # Source: cilium/templates/cilium-agent/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -694,7 +698,6 @@ cluster: - ciliumendpoints.cilium.io - ciliumendpointslices.cilium.io - ciliumenvoyconfigs.cilium.io - - ciliumexternalworkloads.cilium.io - ciliumidentities.cilium.io - ciliumlocalredirectpolicies.cilium.io - ciliumnetworkpolicies.cilium.io @@ -703,6 +706,7 @@ cluster: - ciliumcidrgroups.cilium.io - ciliuml2announcementpolicies.cilium.io - ciliumpodippools.cilium.io + - ciliumgatewayclassconfigs.cilium.io - apiGroups: - cilium.io resources: @@ -862,7 +866,7 @@ cluster: kind: Role metadata: name: cilium-tlsinterception-secrets - namespace: "cilium-secrets" + namespace: "cilium-secrets" labels: app.kubernetes.io/part-of: cilium rules: @@ -1053,6 +1057,7 @@ cluster: template: metadata: annotations: + kubectl.kubernetes.io/default-container: cilium-agent labels: k8s-app: cilium app.kubernetes.io/name: cilium-agent @@ -1061,9 +1066,11 @@ cluster: securityContext: appArmorProfile: type: Unconfined + seccompProfile: + type: Unconfined containers: - name: cilium-agent - image: "quay.io/cilium/cilium:v1.17.3@sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873" + image: "quay.io/cilium/cilium:v1.18.3@sha256:5649db451c88d928ea585514746d50d91e6210801b300c897283ea319d68de15" imagePullPolicy: IfNotPresent command: - cilium-agent @@ -1078,7 +1085,7 @@ cluster: httpHeaders: - name: "brief" value: "true" - failureThreshold: 105 + failureThreshold: 300 periodSeconds: 2 successThreshold: 1 initialDelaySeconds: 5 @@ -1091,6 +1098,8 @@ cluster: httpHeaders: - name: "brief" value: "true" + - name: "require-k8s-connectivity" + value: "false" periodSeconds: 30 successThreshold: 1 failureThreshold: 10 @@ -1130,6 +1139,10 @@ cluster: value: "localhost" - name: KUBERNETES_SERVICE_PORT value: "7445" + - name: KUBE_CLIENT_BACKOFF_BASE + value: "1" + - name: KUBE_CLIENT_BACKOFF_DURATION + value: "120" lifecycle: postStart: exec: @@ -1224,9 +1237,10 @@ cluster: readOnly: true - name: tmp mountPath: /tmp + initContainers: - name: config - image: "quay.io/cilium/cilium:v1.17.3@sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873" + image: "quay.io/cilium/cilium:v1.18.3@sha256:5649db451c88d928ea585514746d50d91e6210801b300c897283ea319d68de15" imagePullPolicy: IfNotPresent command: - cilium-dbg @@ -1251,7 +1265,7 @@ cluster: mountPath: /tmp terminationMessagePolicy: FallbackToLogsOnError - name: apply-sysctl-overwrites - image: "quay.io/cilium/cilium:v1.17.3@sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873" + image: "quay.io/cilium/cilium:v1.18.3@sha256:5649db451c88d928ea585514746d50d91e6210801b300c897283ea319d68de15" imagePullPolicy: IfNotPresent env: - name: BIN_PATH @@ -1289,7 +1303,7 @@ cluster: # from a privileged container because the mount propagation bidirectional # only works from privileged containers. - name: mount-bpf-fs - image: "quay.io/cilium/cilium:v1.17.3@sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873" + image: "quay.io/cilium/cilium:v1.18.3@sha256:5649db451c88d928ea585514746d50d91e6210801b300c897283ea319d68de15" imagePullPolicy: IfNotPresent args: - 'mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf' @@ -1305,7 +1319,7 @@ cluster: mountPath: /sys/fs/bpf mountPropagation: Bidirectional - name: clean-cilium-state - image: "quay.io/cilium/cilium:v1.17.3@sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873" + image: "quay.io/cilium/cilium:v1.18.3@sha256:5649db451c88d928ea585514746d50d91e6210801b300c897283ea319d68de15" imagePullPolicy: IfNotPresent command: - /init-container.sh @@ -1355,7 +1369,7 @@ cluster: mountPath: /var/run/cilium # wait-for-kube-proxy # Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent - name: install-cni-binaries - image: "quay.io/cilium/cilium:v1.17.3@sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873" + image: "quay.io/cilium/cilium:v1.18.3@sha256:5649db451c88d928ea585514746d50d91e6210801b300c897283ea319d68de15" imagePullPolicy: IfNotPresent command: - "/install-plugin.sh" @@ -1380,6 +1394,7 @@ cluster: automountServiceAccountToken: true terminationGracePeriodSeconds: 1 hostNetwork: true + affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -1538,7 +1553,7 @@ cluster: type: Unconfined containers: - name: cilium-envoy - image: "quay.io/cilium/cilium-envoy:v1.32.5-1744305768-f9ddca7dcd91f7ca25a505560e655c47d3dec2cf@sha256:a01cadf7974409b5c5c92ace3d6afa298408468ca24cab1cb413c04f89d3d1f9" + image: "quay.io/cilium/cilium-envoy:v1.34.10-1761014632-c360e8557eb41011dfb5210f8fb53fed6c0b3222@sha256:ca76eb4e9812d114c7f43215a742c00b8bf41200992af0d21b5561d46156fd15" imagePullPolicy: IfNotPresent command: - /usr/bin/cilium-envoy-starter @@ -1715,9 +1730,12 @@ cluster: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-operator spec: + securityContext: + seccompProfile: + type: RuntimeDefault containers: - name: cilium-operator - image: "quay.io/cilium/operator-generic:v1.17.3@sha256:8bd38d0e97a955b2d725929d60df09d712fb62b60b930551a29abac2dd92e597" + image: "quay.io/cilium/operator-generic:v1.18.3@sha256:b5a0138e1a38e4437c5215257ff4e35373619501f4877dbaf92c89ecfad81797" imagePullPolicy: IfNotPresent command: - cilium-operator-generic @@ -1773,6 +1791,11 @@ cluster: - name: cilium-config-path mountPath: /tmp/cilium/config-map readOnly: true + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL terminationMessagePolicy: FallbackToLogsOnError hostNetwork: true restartPolicy: Always @@ -1791,7 +1814,17 @@ cluster: nodeSelector: kubernetes.io/os: linux tolerations: - - operator: Exists + - key: node-role.kubernetes.io/control-plane + operator: Exists + - key: node-role.kubernetes.io/master + operator: Exists + - key: node.kubernetes.io/not-ready + operator: Exists + - key: node.cloudprovider.kubernetes.io/uninitialized + operator: Exists + - key: node.cilium.io/agent-not-ready + operator: Exists + volumes: # To read the configuration from the config map - name: cilium-config-path @@ -1828,16 +1861,21 @@ cluster: spec: securityContext: fsGroup: 65532 + seccompProfile: + type: RuntimeDefault containers: - name: hubble-relay securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 - image: "quay.io/cilium/hubble-relay:v1.17.3@sha256:f8674b5139111ac828a8818da7f2d344b4a5bfbaeb122c5dc9abed3e74000c55" + seccompProfile: + type: RuntimeDefault + image: "quay.io/cilium/hubble-relay:v1.18.3@sha256:e53e00c47fe4ffb9c086bad0c1c77f23cb968be4385881160683d9e15aa34dc3" imagePullPolicy: IfNotPresent command: - hubble-relay @@ -1959,7 +1997,7 @@ cluster: automountServiceAccountToken: true containers: - name: frontend - image: "quay.io/cilium/hubble-ui:v0.13.2@sha256:9e37c1296b802830834cc87342a9182ccbb71ffebb711971e849221bd9d59392" + image: "quay.io/cilium/hubble-ui:v0.13.3@sha256:661d5de7050182d495c6497ff0b007a7a1e379648e60830dd68c4d78ae21761d" imagePullPolicy: IfNotPresent ports: - name: http @@ -1979,8 +2017,10 @@ cluster: - name: tmp-dir mountPath: /tmp terminationMessagePolicy: FallbackToLogsOnError + securityContext: + allowPrivilegeEscalation: false - name: backend - image: "quay.io/cilium/hubble-ui-backend:v0.13.2@sha256:a034b7e98e6ea796ed26df8f4e71f83fc16465a19d166eff67a03b822c0bfa15" + image: "quay.io/cilium/hubble-ui-backend:v0.13.3@sha256:db1454e45dc39ca41fbf7cad31eec95d99e5b9949c39daaad0fa81ef29d56953" imagePullPolicy: IfNotPresent env: - name: EVENTS_SERVER_PORT @@ -1992,6 +2032,8 @@ cluster: containerPort: 8090 volumeMounts: terminationMessagePolicy: FallbackToLogsOnError + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux volumes: