helm: Add hubble section

Add hubble section to values.yaml, and add new Hubble-related fields to the configmap. The configmap has these new hubble-related fields: - hubble-listen-addresses List of addresses for Hubble to listen to. Disabled if empty. - hubble-flow-buffer-size Number of recent flows for Hubble to cache. Defaults to 4096. - hubble-event-queue-size Buffer size of the events channel. Defaults to 128. - hubble-metrics-server Address for the metric server to listen to. Disabled if empty. - hubble-metrics List of metrics to collect. This PR also adds 2 environment variables if Hubble is enabled: - HUBBLE_GROUP_NAME Group for Hubble's unix domain sockets. Hardcoded to be `cilium`. - HUBBLE_DEFAULT_SOCKET_PATH Default Hubble gRPC endpoint for observe/status commands. This is set to the first address in hubble-listen-addresses. Here is a sample helm command to configure Hubble-related settings: helm template cilium \ --set global.hubble.listenAddresses="{unix:///var/run/cilium/hubble.sock,unix:///var/run/cilium/hubble.sock2}" \ --set global.hubble.eventQueueSize=1234 \ --set global.hubble.flowBufferSize=5678 \ --set global.hubble.metricsServer=":7071" \ --set global.hubble.metrics="{dns:query;ignoreAAAA,drop,tcp,flow,port-distribution,icmp,http}" Ref #9925 Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
cilium · Mar 5, 2020 · b3b29b3 · b3b29b3
1 parent 3b21654
commit b3b29b3
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 0 deletions.
diff --git a/install/kubernetes/cilium/charts/agent/templates/daemonset.yaml b/install/kubernetes/cilium/charts/agent/templates/daemonset.yaml
@@ -117,6 +117,14 @@ spec:
               key: custom-cni-conf
               name: cilium-config
               optional: true
+{{- if gt (len .Values.global.hubble.listenAddresses) 0 }}
+        # Hubble uses this group for its unix domain sockets.
+        - name: HUBBLE_GROUP_NAME
+          value: "cilium"
+        # Default Hubble gRPC endpoint for observe/status commands.
+        - name: HUBBLE_DEFAULT_SOCKET_PATH
+          value: {{ .Values.global.hubble.listenAddresses | first | quote }}
+{{- end }}
 {{- if .Values.global.k8sServiceHost }}
         - name: KUBERNETES_SERVICE_HOST
           value: {{ .Values.global.k8sServiceHost | quote }}

diff --git a/install/kubernetes/cilium/charts/config/templates/configmap.yaml b/install/kubernetes/cilium/charts/config/templates/configmap.yaml
@@ -342,3 +342,27 @@ data:
 {{- else }}
   operator-api-serve-addr: '[::1]:9234'
 {{- end }}
+{{ if gt (len .Values.global.hubble.listenAddresses) 0 }}
+  # A space separated list of addresses for Hubble server to listen to. Currently only unix
+  # domain sockets are supported. Hubble gRPC endpoint will be disabled if this field is not
+  # set.
+  hubble-listen-addresses: {{ .Values.global.hubble.listenAddresses | join " " | quote }}
+{{ if .Values.global.hubble.eventQueueSize }}
+  # Buffer size of the channel for Hubble to receive monitor events.
+  hubble-event-queue-size: {{ .Values.global.hubble.eventQueueSize | quote }}
+{{- end }}
+{{ if .Values.global.hubble.flowBufferSize }}
+  # Size of the buffer to store recent flows.
+  hubble-flow-buffer-size: {{ .Values.global.hubble.flowBufferSize | quote }}
+{{- end }}
+{{ if .Values.global.hubble.metricsServer }}
+  # Address to expose Hubble metrics (e.g. ":7070"). Metrics server will be disabled if this
+  # field is not set.
+  hubble-metrics-server: {{ .Values.global.hubble.metricsServer | quote }}
+
+  # A space separated list of metrics to enable. See [0] for available metrics.
+  #
+  # https://github.com/cilium/hubble/blob/master/Documentation/metrics.md
+  hubble-metrics: {{ .Values.global.hubble.metrics | join " " | quote }}
+  {{- end }}
+{{- end }}
diff --git a/install/kubernetes/cilium/values.yaml b/install/kubernetes/cilium/values.yaml
@@ -359,3 +359,42 @@ global:
   # packets affected by policies will not be dropped. Policy related
   # decisions can be checked via the poicy verdict messages.
   policyAuditMode: false
+
+  # hubble configures Hubble.
+  hubble:
+    # List of unix domain socket paths to listen to, for example:
+    #
+    #   listenAddresses:
+    #   - "unix:///var/run/cilium/hubble.sock"
+    #
+    # You can specify the list of metrics from the helm CLI:
+    #
+    #   --set global.hubble.listenAddresses={unix:///var/run/cilium}
+    #
+    # Hubble is disabled if the list is empty.
+    listenAddresses: []
+    # Buffer size of the channel Hubble uses to receive monitor events. Defaults to 128.
+    eventQueueSize: ~
+    # Number of recent flows for Hubble to cache. Defaults to 4096.
+    flowBufferSize: ~
+    # Specifies the address the metric server listens to (e.g. ":12345"). The metric server is
+    # disabled if this value is empty.
+    metricServer: ~
+    # List of metrics to collect, for example:
+    #
+    #   metrics:
+    #   - dns:query;ignoreAAAA
+    #   - drop
+    #   - tcp
+    #   - flow
+    #   - port-distribution
+    #   - icmp
+    #   - http
+    #
+    # You can specify the list of metrics from the helm CLI:
+    #
+    #   --set metrics.enabled="{dns:query;ignoreAAAA,drop,tcp,flow,port-distribution,icmp,http}"
+    #
+    # See https://github.com/cilium/hubble/blob/master/Documentation/metrics.md for more comprehensive
+    # documentation about Hubble's metric collection.
+    metrics: []