You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After deploying a cluster with Cilium CNI, Hubble UI enabled and disabled TLS in Hubble (cilium_hubble_tls_generate: false), hubble-ui pod stays in ContainerCreating state.
kubectl describe pod shows:
Warning FailedMount 55s (x13 over 11m) kubelet MountVolume.SetUp failed for volume "tls" : secret "hubble-relay-client-certs" not found
What did you expect to happen?
hubble-ui deployed successfully
How can we reproduce it (as minimally and precisely as possible)?
Install cluster with enabled hubble-ui and disabled TLS.
I belive that when cilium_hubble_tls_generate is set to False, Kubernetes secret hubble-relay-client-certs is not created, but it is referenced in hubble-ui deployment.
It looks like declarations in volumes and volumeMounts sections of hubble-ui deployment manifest template should be guarded with something like {% if cilium_hubble_tls_generate %}, as done in hubble-relay deployment manifest template in the same file (roles/network_plugin/cilium/templates/hubble/deploy.yml.j2).
The text was updated successfully, but these errors were encountered:
What happened?
After deploying a cluster with Cilium CNI, Hubble UI enabled and disabled TLS in Hubble (cilium_hubble_tls_generate: false), hubble-ui pod stays in
ContainerCreating
state.kubectl describe pod shows:
What did you expect to happen?
hubble-ui deployed successfully
How can we reproduce it (as minimally and precisely as possible)?
Install cluster with enabled hubble-ui and disabled TLS.
Relevant kubespray vars:
OS
Linux 6.1.0-20-amd64 x86_64
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Version of Ansible
ansible [core 2.16.5]
python version = 3.11.8 (main, Feb 12 2024, 14:50:05) [GCC 13.2.1 20230801]
jinja version = 3.1.3
libyaml = True
Version of Python
Python 3.11.8
Version of Kubespray (commit)
Ansible collection v2.24.1
Network plugin used
cilium
Full inventory with variables
kube_network_plugin: cilium
cilium_enable_ipv4: true
cilium_enable_ipv6: false
cilium_enable_hubble: true
cilium_hubble_install: true
cilium_hubble_tls_generate: false
Command used to invoke ansible
ansible-playbook -i hosts/inventory.ini cluster.yml
Output of ansible run
Anything else we need to know
I belive that when
cilium_hubble_tls_generate
is set to False, Kubernetes secrethubble-relay-client-certs
is not created, but it is referenced in hubble-ui deployment.It looks like declarations in
volumes
andvolumeMounts
sections ofhubble-ui
deployment manifest template should be guarded with something like{% if cilium_hubble_tls_generate %}
, as done inhubble-relay
deployment manifest template in the same file (roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
).The text was updated successfully, but these errors were encountered: