From 31caab5f9252a9ffd0e2cca93bed0c7737beecca Mon Sep 17 00:00:00 2001 From: biqiang Wu <62228454+dcwbq@users.noreply.github.com> Date: Tue, 27 Sep 2022 20:57:52 +0800 Subject: [PATCH] Fix: The Hubble certificate is faulty because the cluster name is hard coded (#9340) Signed-off-by: dcwbq Signed-off-by: dcwbq --- roles/network_plugin/cilium/templates/hubble/cronjob.yml.j2 | 2 +- roles/network_plugin/cilium/templates/hubble/job.yml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network_plugin/cilium/templates/hubble/cronjob.yml.j2 b/roles/network_plugin/cilium/templates/hubble/cronjob.yml.j2 index 6486cfd93..7799a79ad 100644 --- a/roles/network_plugin/cilium/templates/hubble/cronjob.yml.j2 +++ b/roles/network_plugin/cilium/templates/hubble/cronjob.yml.j2 @@ -37,7 +37,7 @@ spec: - "--hubble-ca-config-map-create=true" - "--hubble-ca-config-map-name=hubble-ca-cert" - "--hubble-server-cert-generate=true" - - "--hubble-server-cert-common-name=*.default.hubble-grpc.cilium.io" + - "--hubble-server-cert-common-name=*.{{ cilium_cluster_name }}.hubble-grpc.cilium.io" - "--hubble-server-cert-validity-duration=94608000s" - "--hubble-server-cert-secret-name=hubble-server-certs" - "--hubble-relay-client-cert-generate=true" diff --git a/roles/network_plugin/cilium/templates/hubble/job.yml.j2 b/roles/network_plugin/cilium/templates/hubble/job.yml.j2 index d4213bd39..38a42bfd0 100644 --- a/roles/network_plugin/cilium/templates/hubble/job.yml.j2 +++ b/roles/network_plugin/cilium/templates/hubble/job.yml.j2 @@ -33,7 +33,7 @@ spec: - "--hubble-ca-config-map-create=true" - "--hubble-ca-config-map-name=hubble-ca-cert" - "--hubble-server-cert-generate=true" - - "--hubble-server-cert-common-name=*.default.hubble-grpc.cilium.io" + - "--hubble-server-cert-common-name=*.{{ cilium_cluster_name }}.hubble-grpc.cilium.io" - "--hubble-server-cert-validity-duration=94608000s" - "--hubble-server-cert-secret-name=hubble-server-certs" - "--hubble-relay-client-cert-generate=true"