Add hubble helm charts to cilium install/kubernetes

This patch adds hubble related helm charts to cilium install/kubernetes

Fixes: #10647
Signed-off-by: Swaminathan Vasudevan <svasudevan@suse.com>

install/kubernetes/cilium/charts/agent/templates/daemonset.yaml

@@ -152,12 +152,20 @@ spec:
           {{- toYaml .Values.resources | trim | nindent 10 }}
 {{- end }}
         name: cilium-agent
-{{- if .Values.global.prometheus.enabled }}
+{{- if or .Values.global.prometheus.enabled .Values.global.hubble.metricsServer }}
         ports:
+{{- if .Values.global.prometheus.enabled }}                
         - containerPort: {{ .Values.global.prometheus.port }}
           hostPort: {{ .Values.global.prometheus.port }}
           name: prometheus
           protocol: TCP
+{{- end }}
+{{- if .Values.global.hubble.metricsServer }}
+        - containerPort: {{ regexReplaceAll ":([0-9]+)$" .Values.global.hubble.metricsServer "${1}" }}
+          hostPort: {{ regexReplaceAll ":([0-9]+)$" .Values.global.hubble.metricsServer "${1}" }} 
+          name: hubble-metrics
+          protocol: TCP
+{{- end }}
 {{- end }}
         securityContext:
           capabilities:

install/kubernetes/cilium/charts/agent/templates/servicemonitor.yaml

@@ -1,4 +1,5 @@
 {{- if and .Values.global.prometheus.enabled (.Values.global.prometheus.serviceMonitor.enabled) }}
+---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
@@ -21,3 +22,24 @@ spec:
     honorLabels: true
     path: /metrics
 {{- end }}
+{{- if and .Values.global.hubble.metrics.enabled (.Values.global.hubble.metrics.serviceMonitor.enabled) }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: hubble
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      k8s-app: cilium
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  endpoints:
+  - port: hubble-metrics
+    interval: 10s
+    honorLabels: true
+    path: /metrics
+{{- end }}
+

install/kubernetes/cilium/charts/agent/templates/svc.yaml

@@ -17,3 +17,43 @@ spec:
   selector:
     k8s-app: cilium
 {{- end }}
+{{- if .Values.global.hubble.ui.enabled }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: hubble-grpc
+  namespace: {{ .Release.Namespace }}
+  labels:
+    k8s-app: hubble 
+spec:
+  type: ClusterIP
+  clusterIP: None
+  selector:
+    k8s-app: cilium
+  ports:
+  - targetPort: 50051
+    protocol: TCP
+    port: 50051
+{{- end }}
+{{- if and .Values.global.hubble.metrics.enabled (.Values.global.hubble.metrics.serviceMonitor.enabled) }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: hubble-metrics
+  namespace: {{ .Release.Namespace }}
+  labels:
+    k8s-app: hubble 
+spec:
+  clusterIP: None
+  type: ClusterIP
+  ports:
+  - name: hubble-metrics
+    port: {{ regexReplaceAll ":([0-9]+)$" .Values.global.hubble.metricsServer "${1}" }}
+    protocol: TCP
+    targetPort: hubble-metrics
+  selector:
+    k8s-app: cilium
+{{- end }}
+

install/kubernetes/cilium/charts/config/templates/configmap.yaml

@@ -419,7 +419,15 @@ data:
   # A space separated list of metrics to enable. See [0] for available metrics.
   #
   # https://github.com/cilium/hubble/blob/master/Documentation/metrics.md
-  hubble-metrics: {{ .Values.global.hubble.metrics | join " " | quote }}
+  hubble-metrics: {{- range .Values.global.hubble.metrics.enabled }}
+    {{.}}
+  {{- end }}
+{{- end }}
+{{ if and .Values.global.hubble.ui.enabled (not (has "0.0.0.0:50051" .Values.global.hubble.listenAddresses)) }}
+  # A space separated list of additional addresses for Hubble server to listen to.
+  hubble-listen-addresses: {{ append .Values.global.hubble.listenAddresses "0.0.0.0:50051" | join " " | quote }}
+{{- else if .Values.global.hubble.listenAddresses}}
+  hubble-listen-addresses: {{ .Values.global.hubble.listenAddresses | join " " | quote }}
 {{- end }}
 {{- end }}
 

install/kubernetes/cilium/charts/hubble-ui/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+name: hubble-ui
+version: 1.7.90
+appVersion: 1.7.90
+tillerVersion: ">=2.7.2"
+description: Helm chart for the Hubble UI 
+keywords:
+sources:
+  - https://github.com/cilium/hubble-ui
+engine: gotpl

install/kubernetes/cilium/charts/hubble-ui/templates/clusterrole.yaml

@@ -0,0 +1,44 @@
+{{- if .Values.global.hubble.ui.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: hubble-ui 
+rules:
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - networkpolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - componentstatuses
+      - endpoints
+      - namespaces
+      - nodes
+      - pods
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - cilium.io
+    resources:
+      - "*"
+    verbs:
+      - get
+      - list
+      - watch
+{{- end }}

install/kubernetes/cilium/charts/hubble-ui/templates/clusterrolebinding.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.global.hubble.ui.enabled }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: hubble-ui
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: hubble-ui 
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: hubble-ui 
+{{- end }}

install/kubernetes/cilium/charts/hubble-ui/templates/deployment.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.global.hubble.ui.enabled }}
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: hubble-ui
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      k8s-app: hubble-ui
+  template:
+    metadata:
+      labels:
+        k8s-app: hubble-ui
+    spec:
+      serviceAccountName: hubble-ui
+      containers:
+        - name: hubble-ui
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: NODE_ENV
+              value: "production"
+            - name: LOG_LEVEL
+              value: "info"
+            - name: HUBBLE
+              value: "true"
+            - name: HUBBLE_SERVICE
+              value: "hubble-grpc.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+            - name: HUBBLE_PORT
+              value: "50051"
+          ports:
+            - containerPort: 12000
+              name: http
+          resources:
+            {{- toYaml .Values.resources | trim | nindent 12 }}
+{{- end }}

install/kubernetes/cilium/charts/hubble-ui/templates/ingress.yaml

@@ -0,0 +1,29 @@
+{{- if and .Values.global.hubble.ui.enabled .Values.ingress.enabled -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: hubble-ui
+  namespace: {{ .Release.Namespace }}
+  labels:
+    k8s-app: hubble-ui
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: hubble-ui
+              servicePort: http
+  {{- end }}
+{{- end }}

install/kubernetes/cilium/charts/hubble-ui/templates/serviceaccount.yaml

@@ -0,0 +1,7 @@
+{{- if .Values.global.hubble.ui.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: hubble-ui 
+{{- end }}

install/kubernetes/cilium/charts/hubble-ui/templates/svc.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.global.hubble.ui.enabled }}
+kind: Service
+apiVersion: v1
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: hubble-ui
+spec:
+  selector:
+    k8s-app: hubble-ui
+  ports:
+    - name: http
+      port: 12000
+      targetPort: 12000
+  type: ClusterIP
+{{- end }}

install/kubernetes/cilium/charts/hubble-ui/values.yaml

@@ -0,0 +1,34 @@
+# Configuration for hubble ui
+image:
+  # repository of the docker image
+  repository: quay.io/cilium/hubble-ui
+  # tag is the container image tag to use
+  tag: latest
+  # pullPolicy is the container image pull policy
+  pullPolicy: Always
+clusterDomain: cluster.local
+replicas: 1
+# Resource requests and limits for the 'hubble-ui' container of the 'hubble-ui' deployment, such as
+#
+#     resources:
+#       limits:
+#         cpu: 1000m
+#         memory: 1024Mi
+#       requests:
+#         cpu: 100m
+#         memory: 64Mi
+resources: {}
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - chart-example.local
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+

install/kubernetes/cilium/requirements.yaml

@@ -8,6 +8,9 @@ dependencies:
   - name: hubble-cli
     version: 1.7.90
     condition: global.hubble.cli.enabled
+  - name: hubble-ui
+    version: 1.7.90
+    condition: global.hubble.ui.enabled
   - name: operator
     version: 1.7.90
     condition: operator.enabled

install/kubernetes/cilium/values.yaml

@@ -420,6 +420,8 @@ global:
   # hubble configures Hubble.
   hubble:
     enabled: false
+    ui:
+      enabled: false 
     # Default unix domain socket path to listen to when Hubble is enabled. Default to "/var/run/cilium/hubble.sock".
     socketPath: /var/run/cilium/hubble.sock
     # List of additional addresses to listen to, for example:
@@ -457,7 +459,11 @@ global:
     #
     # See https://github.com/cilium/hubble/blob/master/Documentation/metrics.md for more comprehensive
     # documentation about Hubble's metric collection.
-    metrics: []
+    metrics:
+      enabled:
+       - drop
+      serviceMonitor:
+        enabled: false
     # Configures the hubble-cli subchart
     cli:
       enabled: false