From e1be4699951b75b6eecd3195b19dae5d2ceea294 Mon Sep 17 00:00:00 2001
From: "Kim Hyunyoung, Abel" <atobaum@gmail.com>
Date: Mon, 12 May 2025 12:27:14 +0900
Subject: [PATCH] fix: do not mount hubble-ui tls volume when
 cilium_hubble_tls_generate is false (#12143)

---
 roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
index fbd3b2fa8..9b8829c16 100644
--- a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
@@ -168,10 +168,12 @@ spec:
               value: "hubble-relay:80"
             {% endif %}
 
+          {% if cilium_hubble_tls_generate -%}
           volumeMounts:
             - name: tls
               mountPath: /var/lib/hubble-ui/certs
               readOnly: true
+          {%- endif %}
           ports:
             - containerPort: 8090
               name: grpc
@@ -182,6 +184,7 @@ spec:
             defaultMode: 420
             name: hubble-ui-nginx
           name: hubble-ui-nginx-conf
+        {% if cilium_hubble_tls_generate -%}
         - projected:
             sources:
             - secret:
@@ -194,6 +197,7 @@ spec:
                   - key: tls.key
                     path: client.key
           name: tls
+        {%- endif %}
         - emptyDir: {}
           name: tmp-dir
 {% endif %}