From 54ebdf0b06396026c2a3aca30ebe5f92853d8ab5 Mon Sep 17 00:00:00 2001 From: Aline Abler Date: Wed, 10 Jul 2024 16:40:48 +0200 Subject: [PATCH 1/2] Enable select hubble metrics by default --- class/defaults.yml | 6 +++++ .../templates/cilium-agent/daemonset.yaml | 4 ++++ .../cilium/templates/cilium-configmap.yaml | 4 ++++ .../templates/hubble/metrics-service.yaml | 20 ++++++++++++++++ .../templates/hubble/servicemonitor.yaml | 24 +++++++++++++++++++ .../templates/cilium-agent/daemonset.yaml | 4 ++++ .../cilium/templates/cilium-configmap.yaml | 4 ++++ .../templates/hubble/metrics-service.yaml | 20 ++++++++++++++++ .../templates/hubble/servicemonitor.yaml | 24 +++++++++++++++++++ .../templates/cilium-agent/daemonset.yaml | 4 ++++ .../cilium/templates/cilium-configmap.yaml | 4 ++++ .../templates/hubble/metrics-service.yaml | 20 ++++++++++++++++ .../templates/hubble/servicemonitor.yaml | 24 +++++++++++++++++++ .../templates/cilium-agent/daemonset.yaml | 4 ++++ .../cilium/templates/cilium-configmap.yaml | 4 ++++ .../templates/hubble/metrics-service.yaml | 20 ++++++++++++++++ .../templates/hubble/servicemonitor.yaml | 24 +++++++++++++++++++ .../templates/cilium-agent/daemonset.yaml | 4 ++++ .../cilium/templates/cilium-configmap.yaml | 4 ++++ .../templates/hubble/metrics-service.yaml | 20 ++++++++++++++++ .../templates/hubble/servicemonitor.yaml | 24 +++++++++++++++++++ ...luster-network-07-cilium-ciliumconfig.yaml | 6 +++++ 22 files changed, 272 insertions(+) create mode 100644 tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml create mode 100644 tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml create mode 100644 tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml create mode 100644 tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml create mode 100644 tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml create mode 100644 tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml create mode 100644 tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml create mode 100644 tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml create mode 100644 tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml create mode 100644 tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml diff --git a/class/defaults.yml b/class/defaults.yml index 592d0723..134ac429 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -33,6 +33,12 @@ parameters: endpointRoutes: enabled: true hubble: + metrics: + enabled: + - 'httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity' + - 'drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity' + serviceMonitor: + enabled: true relay: enabled: true tls: diff --git a/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml b/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml index ddf515b9..f1deebec 100644 --- a/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml +++ b/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml @@ -113,6 +113,10 @@ spec: hostPort: 9964 name: envoy-metrics protocol: TCP + - containerPort: 9965 + hostPort: 9965 + name: hubble-metrics + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml b/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml index 1e36fa7f..5c3479e3 100644 --- a/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml +++ b/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml @@ -35,6 +35,7 @@ data: enable-health-check-nodeport: 'true' enable-health-checking: 'true' enable-hubble: 'true' + enable-hubble-open-metrics: 'false' enable-ipv4: 'true' enable-ipv4-big-tcp: 'false' enable-ipv4-masquerade: 'true' @@ -59,6 +60,9 @@ data: hubble-export-file-max-backups: '5' hubble-export-file-max-size-mb: '10' hubble-listen-address: :4244 + hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + hubble-metrics-server: :9965 hubble-socket-path: /var/run/cilium/hubble.sock identity-allocation-mode: crd identity-gc-interval: 15m0s diff --git a/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml b/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml new file mode 100644 index 00000000..ebeaf0fd --- /dev/null +++ b/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/name: hubble + app.kubernetes.io/part-of: cilium + k8s-app: hubble + name: hubble-metrics + namespace: cilium +spec: + clusterIP: None + ports: + - name: hubble-metrics + port: 9965 + protocol: TCP + targetPort: hubble-metrics + selector: + k8s-app: cilium + type: ClusterIP diff --git a/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml b/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml new file mode 100644 index 00000000..d044764f --- /dev/null +++ b/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml @@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app.kubernetes.io/part-of: cilium + name: hubble + namespace: cilium +spec: + endpoints: + - honorLabels: true + interval: 10s + path: /metrics + port: hubble-metrics + relabelings: + - replacement: ${1} + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: node + namespaceSelector: + matchNames: + - cilium + selector: + matchLabels: + k8s-app: hubble diff --git a/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml b/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml index ddf515b9..f1deebec 100644 --- a/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml +++ b/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml @@ -113,6 +113,10 @@ spec: hostPort: 9964 name: envoy-metrics protocol: TCP + - containerPort: 9965 + hostPort: 9965 + name: hubble-metrics + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml b/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml index 8748fed3..81298755 100644 --- a/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml +++ b/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml @@ -34,6 +34,7 @@ data: enable-health-check-nodeport: 'true' enable-health-checking: 'true' enable-hubble: 'true' + enable-hubble-open-metrics: 'false' enable-ipv4: 'true' enable-ipv4-big-tcp: 'false' enable-ipv4-masquerade: 'true' @@ -58,6 +59,9 @@ data: hubble-export-file-max-backups: '5' hubble-export-file-max-size-mb: '10' hubble-listen-address: :4244 + hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + hubble-metrics-server: :9965 hubble-socket-path: /var/run/cilium/hubble.sock identity-allocation-mode: crd identity-gc-interval: 15m0s diff --git a/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml b/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml new file mode 100644 index 00000000..ebeaf0fd --- /dev/null +++ b/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/name: hubble + app.kubernetes.io/part-of: cilium + k8s-app: hubble + name: hubble-metrics + namespace: cilium +spec: + clusterIP: None + ports: + - name: hubble-metrics + port: 9965 + protocol: TCP + targetPort: hubble-metrics + selector: + k8s-app: cilium + type: ClusterIP diff --git a/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml b/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml new file mode 100644 index 00000000..d044764f --- /dev/null +++ b/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml @@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app.kubernetes.io/part-of: cilium + name: hubble + namespace: cilium +spec: + endpoints: + - honorLabels: true + interval: 10s + path: /metrics + port: hubble-metrics + relabelings: + - replacement: ${1} + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: node + namespaceSelector: + matchNames: + - cilium + selector: + matchLabels: + k8s-app: hubble diff --git a/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml b/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml index ddf515b9..f1deebec 100644 --- a/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml +++ b/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml @@ -113,6 +113,10 @@ spec: hostPort: 9964 name: envoy-metrics protocol: TCP + - containerPort: 9965 + hostPort: 9965 + name: hubble-metrics + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml b/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml index bdb1569b..3a2859f7 100644 --- a/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml +++ b/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml @@ -34,6 +34,7 @@ data: enable-health-check-nodeport: 'true' enable-health-checking: 'true' enable-hubble: 'true' + enable-hubble-open-metrics: 'false' enable-ipv4: 'true' enable-ipv4-big-tcp: 'false' enable-ipv4-egress-gateway: 'true' @@ -59,6 +60,9 @@ data: hubble-export-file-max-backups: '5' hubble-export-file-max-size-mb: '10' hubble-listen-address: :4244 + hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + hubble-metrics-server: :9965 hubble-socket-path: /var/run/cilium/hubble.sock identity-allocation-mode: crd identity-gc-interval: 15m0s diff --git a/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml b/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml new file mode 100644 index 00000000..ebeaf0fd --- /dev/null +++ b/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/name: hubble + app.kubernetes.io/part-of: cilium + k8s-app: hubble + name: hubble-metrics + namespace: cilium +spec: + clusterIP: None + ports: + - name: hubble-metrics + port: 9965 + protocol: TCP + targetPort: hubble-metrics + selector: + k8s-app: cilium + type: ClusterIP diff --git a/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml b/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml new file mode 100644 index 00000000..d044764f --- /dev/null +++ b/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml @@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app.kubernetes.io/part-of: cilium + name: hubble + namespace: cilium +spec: + endpoints: + - honorLabels: true + interval: 10s + path: /metrics + port: hubble-metrics + relabelings: + - replacement: ${1} + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: node + namespaceSelector: + matchNames: + - cilium + selector: + matchLabels: + k8s-app: hubble diff --git a/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml b/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml index ddf515b9..f1deebec 100644 --- a/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml +++ b/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml @@ -113,6 +113,10 @@ spec: hostPort: 9964 name: envoy-metrics protocol: TCP + - containerPort: 9965 + hostPort: 9965 + name: hubble-metrics + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml b/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml index 8748fed3..81298755 100644 --- a/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml +++ b/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml @@ -34,6 +34,7 @@ data: enable-health-check-nodeport: 'true' enable-health-checking: 'true' enable-hubble: 'true' + enable-hubble-open-metrics: 'false' enable-ipv4: 'true' enable-ipv4-big-tcp: 'false' enable-ipv4-masquerade: 'true' @@ -58,6 +59,9 @@ data: hubble-export-file-max-backups: '5' hubble-export-file-max-size-mb: '10' hubble-listen-address: :4244 + hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + hubble-metrics-server: :9965 hubble-socket-path: /var/run/cilium/hubble.sock identity-allocation-mode: crd identity-gc-interval: 15m0s diff --git a/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml b/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml new file mode 100644 index 00000000..ebeaf0fd --- /dev/null +++ b/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/name: hubble + app.kubernetes.io/part-of: cilium + k8s-app: hubble + name: hubble-metrics + namespace: cilium +spec: + clusterIP: None + ports: + - name: hubble-metrics + port: 9965 + protocol: TCP + targetPort: hubble-metrics + selector: + k8s-app: cilium + type: ClusterIP diff --git a/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml b/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml new file mode 100644 index 00000000..d044764f --- /dev/null +++ b/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml @@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app.kubernetes.io/part-of: cilium + name: hubble + namespace: cilium +spec: + endpoints: + - honorLabels: true + interval: 10s + path: /metrics + port: hubble-metrics + relabelings: + - replacement: ${1} + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: node + namespaceSelector: + matchNames: + - cilium + selector: + matchLabels: + k8s-app: hubble diff --git a/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml b/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml index ddf515b9..f1deebec 100644 --- a/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml +++ b/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-agent/daemonset.yaml @@ -113,6 +113,10 @@ spec: hostPort: 9964 name: envoy-metrics protocol: TCP + - containerPort: 9965 + hostPort: 9965 + name: hubble-metrics + protocol: TCP readinessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml b/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml index 8748fed3..81298755 100644 --- a/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml +++ b/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml @@ -34,6 +34,7 @@ data: enable-health-check-nodeport: 'true' enable-health-checking: 'true' enable-hubble: 'true' + enable-hubble-open-metrics: 'false' enable-ipv4: 'true' enable-ipv4-big-tcp: 'false' enable-ipv4-masquerade: 'true' @@ -58,6 +59,9 @@ data: hubble-export-file-max-backups: '5' hubble-export-file-max-size-mb: '10' hubble-listen-address: :4244 + hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + hubble-metrics-server: :9965 hubble-socket-path: /var/run/cilium/hubble.sock identity-allocation-mode: crd identity-gc-interval: 15m0s diff --git a/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml b/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml new file mode 100644 index 00000000..ebeaf0fd --- /dev/null +++ b/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/metrics-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/name: hubble + app.kubernetes.io/part-of: cilium + k8s-app: hubble + name: hubble-metrics + namespace: cilium +spec: + clusterIP: None + ports: + - name: hubble-metrics + port: 9965 + protocol: TCP + targetPort: hubble-metrics + selector: + k8s-app: cilium + type: ClusterIP diff --git a/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml b/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml new file mode 100644 index 00000000..d044764f --- /dev/null +++ b/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/hubble/servicemonitor.yaml @@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app.kubernetes.io/part-of: cilium + name: hubble + namespace: cilium +spec: + endpoints: + - honorLabels: true + interval: 10s + path: /metrics + port: hubble-metrics + relabelings: + - replacement: ${1} + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: node + namespaceSelector: + matchNames: + - cilium + selector: + matchLabels: + k8s-app: hubble diff --git a/tests/golden/olm-opensource/cilium/cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml b/tests/golden/olm-opensource/cilium/cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml index 21d17a9e..f9745383 100644 --- a/tests/golden/olm-opensource/cilium/cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml +++ b/tests/golden/olm-opensource/cilium/cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml @@ -18,6 +18,12 @@ spec: endpointRoutes: enabled: true hubble: + metrics: + enabled: + - httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + - drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + serviceMonitor: + enabled: true relay: enabled: true tls: From 53c53f4cb7d86b979abe91265e76bf1689795502 Mon Sep 17 00:00:00 2001 From: Aline Abler Date: Thu, 11 Jul 2024 10:25:29 +0200 Subject: [PATCH 2/2] Enable DNS metrics on top of others --- class/defaults.yml | 1 + .../01_cilium_helmchart/cilium/templates/cilium-configmap.yaml | 1 + .../01_cilium_helmchart/cilium/templates/cilium-configmap.yaml | 1 + .../01_cilium_helmchart/cilium/templates/cilium-configmap.yaml | 1 + .../01_cilium_helmchart/cilium/templates/cilium-configmap.yaml | 1 + .../01_cilium_helmchart/cilium/templates/cilium-configmap.yaml | 1 + .../cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml | 1 + 7 files changed, 7 insertions(+) diff --git a/class/defaults.yml b/class/defaults.yml index e0957183..44727ad5 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -36,6 +36,7 @@ parameters: metrics: enabled: - 'httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity' + - 'dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity' - 'drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity' serviceMonitor: enabled: true diff --git a/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml b/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml index ac3b27f1..6f6b0d54 100644 --- a/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml +++ b/tests/golden/bgp-control-plane/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml @@ -61,6 +61,7 @@ data: hubble-export-file-max-size-mb: '10' hubble-listen-address: :4244 hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity hubble-metrics-server: :9965 hubble-socket-path: /var/run/cilium/hubble.sock diff --git a/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml b/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml index 7d3ea76c..79158a60 100644 --- a/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml +++ b/tests/golden/defaults/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml @@ -60,6 +60,7 @@ data: hubble-export-file-max-size-mb: '10' hubble-listen-address: :4244 hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity hubble-metrics-server: :9965 hubble-socket-path: /var/run/cilium/hubble.sock diff --git a/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml b/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml index 3a2859f7..7fffda4c 100644 --- a/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml +++ b/tests/golden/egress-gateway/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml @@ -61,6 +61,7 @@ data: hubble-export-file-max-size-mb: '10' hubble-listen-address: :4244 hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity hubble-metrics-server: :9965 hubble-socket-path: /var/run/cilium/hubble.sock diff --git a/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml b/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml index 7d3ea76c..79158a60 100644 --- a/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml +++ b/tests/golden/helm-opensource/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml @@ -60,6 +60,7 @@ data: hubble-export-file-max-size-mb: '10' hubble-listen-address: :4244 hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity hubble-metrics-server: :9965 hubble-socket-path: /var/run/cilium/hubble.sock diff --git a/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml b/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml index 7d3ea76c..79158a60 100644 --- a/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml +++ b/tests/golden/kubeproxyreplacement-strict/cilium/cilium/01_cilium_helmchart/cilium/templates/cilium-configmap.yaml @@ -60,6 +60,7 @@ data: hubble-export-file-max-size-mb: '10' hubble-listen-address: :4244 hubble-metrics: httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity hubble-metrics-server: :9965 hubble-socket-path: /var/run/cilium/hubble.sock diff --git a/tests/golden/olm-opensource/cilium/cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml b/tests/golden/olm-opensource/cilium/cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml index 65d2f58c..9e9c5f67 100644 --- a/tests/golden/olm-opensource/cilium/cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml +++ b/tests/golden/olm-opensource/cilium/cilium/olm/cluster-network-07-cilium-ciliumconfig.yaml @@ -21,6 +21,7 @@ spec: metrics: enabled: - httpV2:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity + - dns:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity - drop:sourceContext=workload|namespace|reserved-identity;destinationContext=workload|namespace|reserved-identity serviceMonitor: enabled: true