feat(cilium): add hubble UI

NaturalSelectionLabs · Jan 1, 2024 · e8bee52 · e8bee52
1 parent 8255d7e
commit e8bee52
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 0 deletions.
diff --git a/application.tf b/application.tf
@@ -29,6 +29,37 @@ resource "argocd_application" "grafana" {
   }
 }
 
+resource "argocd_application" "cilium" {
+  metadata {
+    name      = "cilium"
+    namespace = "guardian"
+  }
+  spec {
+    project = argocd_project.guardian.metadata[0].name
+    source {
+      repo_url        = var.repo_url
+      target_revision = "HEAD"
+      path            = "cilium/prod"
+      plugin {
+        name = "avp-kustomize"
+        env {
+          name = "APP_REPO"
+          value = "NaturalSelectionLabs/Hephaestus"
+        }
+        env {
+          name = "AVP_SECRET"
+          value = "guardian:avp-prod"
+        }
+      }
+    }
+
+    destination {
+      server    = argocd_cluster.prod.server
+      namespace = "cilium"
+    }
+  }
+}
+
 resource "argocd_application" "keycloak" {
   metadata {
     name      = "keycloak"

diff --git a/cilium/prod/kustomization.yaml b/cilium/prod/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+helmCharts:
+  - name: cilium
+    releaseName: cilium
+    repo: https://helm.cilium.io/
+    valuesFile: values.yaml
+    version: 1.14.x
diff --git a/cilium/prod/values.yaml b/cilium/prod/values.yaml
@@ -0,0 +1,35 @@
+agent: false
+operator:
+  enabled: false
+cni:
+  install: false
+hubble:
+  enabled: false
+  relay:
+    # set this to false as Hubble relay is already installed
+    enabled: false
+    tls:
+      server:
+        # set this to true if tls is enabled on Hubble relay server side
+        enabled: true
+  ui:
+    # enable Hubble UI
+    enabled: true
+    standalone:
+      # enable Hubble UI standalone deployment
+      enabled: true
+      # provide a volume containing Hubble relay client certificates to mount in Hubble UI pod
+      tls:
+        certsVolume:
+          projected:
+            defaultMode: 0400
+            sources:
+              - secret:
+                  name: hubble-relay-client-certs
+                  items:
+                    - key: tls.crt
+                      path: client.crt
+                    - key: tls.key
+                      path: client.key
+                    - key: ca.crt
+                      path: hubble-relay-ca.crt