diff --git a/packages/system/cilium/Makefile b/packages/system/cilium/Makefile
index eff6027a..6d88f5cf 100644
--- a/packages/system/cilium/Makefile
+++ b/packages/system/cilium/Makefile
@@ -10,7 +10,7 @@ update:
 rm -rf charts
 helm repo add cilium https://helm.cilium.io/
 helm repo update cilium
- helm pull cilium/cilium --untar --untardir charts --version 1.16
+ helm pull cilium/cilium --untar --untardir charts --version 1.17
 sed -i -e '/Used in iptables/d' -e '/SYS_MODULE/d' charts/cilium/values.yaml
 version=$$(awk '$$1 == "version:" {print $$2}' charts/cilium/Chart.yaml) && \
 sed -i "s/ARG VERSION=.*/ARG VERSION=v$${version}/" images/cilium/Dockerfile
diff --git a/packages/system/cilium/charts/cilium/Chart.yaml b/packages/system/cilium/charts/cilium/Chart.yaml
index 42de0b61..517e8007 100644
--- a/packages/system/cilium/charts/cilium/Chart.yaml
+++ b/packages/system/cilium/charts/cilium/Chart.yaml
@@ -42,7 +42,10 @@ annotations: \ name: ciliumenvoyconfigs.cilium.io\n displayName: Cilium Envoy Config\n description: |\n Cilium Envoy Config specifies Envoy resources and K8s service mappings\n \ to be provisioned into Cilium host proxy instances in namespace context.\n- - kind: CiliumBGPPeeringPolicy\n version: v2alpha1\n name: ciliumbgppeeringpolicies.cilium.io\n + kind: CiliumNodeConfig\n version: v2\n name: ciliumnodeconfigs.cilium.io\n displayName: + Cilium Node Configuration\n description: |\n CiliumNodeConfig is a list of + configuration key-value pairs. It is applied to\n nodes indicated by a label + selector.\n- kind: CiliumBGPPeeringPolicy\n version: v2alpha1\n name: ciliumbgppeeringpolicies.cilium.io\n \ displayName: Cilium BGP Peering Policy\n description: |\n Cilium BGP Peering Policy instructs Cilium to create specific BGP peering\n configurations.\n- kind: CiliumBGPClusterConfig\n version: v2alpha1\n name: ciliumbgpclusterconfigs.cilium.io\n 
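Review bot: In the `update` target of packages/system/cilium/Makefile, `--version 1.17` selects a minor series rather than one release, so the chart that gets vendored is whichever 1.17.x the repository serves when `make update` runs; this commit resolved it to 1.17.1, per the Chart.yaml hunk. A later rerun can therefore change the vendored chart, and the image tags and digests it carries, with no change to the Makefile. Pinning the exact release makes the vendoring step reproducible: `helm pull cilium/cilium --untar --untardir charts --version 1.17.1`. If upstream publishes provenance files for this chart (not visible on this page), adding `--verify` would check the archive before it is unpacked. The `update` recipe starts above the hunk.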
@@ -64,22 +67,19 @@ annotations: can be used to override node specific BGP configuration.\n- kind: CiliumLoadBalancerIPPool\n \ version: v2alpha1\n name: ciliumloadbalancerippools.cilium.io\n displayName: Cilium Load Balancer IP Pool\n description: |\n Defining a Cilium Load Balancer - IP Pool instructs Cilium to assign IPs to LoadBalancer Services.\n- kind: CiliumNodeConfig\n - \ version: v2alpha1\n name: ciliumnodeconfigs.cilium.io\n displayName: Cilium - Node Configuration\n description: |\n CiliumNodeConfig is a list of configuration - key-value pairs. It is applied to\n nodes indicated by a label selector.\n- - kind: CiliumCIDRGroup\n version: v2alpha1\n name: ciliumcidrgroups.cilium.io\n - \ displayName: Cilium CIDR Group\n description: |\n CiliumCIDRGroup is a list - of CIDRs that can be referenced as a single entity from CiliumNetworkPolicies.\n- - kind: CiliumL2AnnouncementPolicy\n version: v2alpha1\n name: ciliuml2announcementpolicies.cilium.io\n - \ displayName: Cilium L2 Announcement Policy\n description: |\n CiliumL2AnnouncementPolicy + IP Pool instructs Cilium to assign IPs to LoadBalancer Services.\n- kind: CiliumCIDRGroup\n + \ version: v2alpha1\n name: ciliumcidrgroups.cilium.io\n displayName: Cilium + CIDR Group\n description: |\n CiliumCIDRGroup is a list of CIDRs that can + be referenced as a single entity from CiliumNetworkPolicies.\n- kind: CiliumL2AnnouncementPolicy\n + \ version: v2alpha1\n name: ciliuml2announcementpolicies.cilium.io\n displayName: + Cilium L2 Announcement Policy\n description: |\n CiliumL2AnnouncementPolicy is a policy which determines which service IPs will be announced to\n the local area network, by which nodes, and via which interfaces.\n- kind: CiliumPodIPPool\n \ version: v2alpha1\n name: ciliumpodippools.cilium.io\n displayName: Cilium Pod IP Pool\n description: |\n CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. 
the multi-pool IPAM mode).\n" apiVersion: v2 -appVersion: 1.16.7 +appVersion: 1.17.1 description: eBPF-based Networking, Security, and Observability home: https://cilium.io/ icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg @@ -95,4 +95,4 @@ kubeVersion: '>= 1.21.0-0' name: cilium sources: - https://github.com/cilium/cilium -version: 1.16.7 +version: 1.17.1 diff --git a/packages/system/cilium/charts/cilium/README.md b/packages/system/cilium/charts/cilium/README.md index 6f8d06b1..0f0ec17f 100644 --- a/packages/system/cilium/charts/cilium/README.md +++ b/packages/system/cilium/charts/cilium/README.md @@ -1,6 +1,6 @@ # cilium -![Version: 1.16.7](https://img.shields.io/badge/Version-1.16.7-informational?style=flat-square) ![AppVersion: 1.16.7](https://img.shields.io/badge/AppVersion-1.16.7-informational?style=flat-square) +![Version: 1.17.1](https://img.shields.io/badge/Version-1.17.1-informational?style=flat-square) ![AppVersion: 1.17.1](https://img.shields.io/badge/AppVersion-1.17.1-informational?style=flat-square) Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as 
@@ -77,13 +77,15 @@ contributors across the globe, there is almost always someone available to help. | authentication.mutual.spire.install.agent.labels | object | `{}` | SPIRE agent labels | | authentication.mutual.spire.install.agent.nodeSelector | object | `{}` | SPIRE agent nodeSelector configuration ref: ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | authentication.mutual.spire.install.agent.podSecurityContext | object | `{}` | Security context to be added to spire agent pods. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | +| authentication.mutual.spire.install.agent.priorityClassName | string | `""` | The priority class to use for the spire agent | +| authentication.mutual.spire.install.agent.resources | object | `{}` | container resource limits & requests | | authentication.mutual.spire.install.agent.securityContext | object | `{}` | Security context to be added to spire agent containers. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | | authentication.mutual.spire.install.agent.serviceAccount | object | `{"create":true,"name":"spire-agent"}` | SPIRE agent service account | | authentication.mutual.spire.install.agent.skipKubeletVerification | bool | `true` | SPIRE Workload Attestor kubelet verification. 
| | authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true | | authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. | -| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:71b79694b71639e633452f57fd9de40595d524de308349218d9a6a144b40be02","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.36.1","useDigest":true}` | init container image of SPIRE agent and server | +| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:a5d0ce49aa801d475da48f8cb163c354ab95cab073cd3c138bd458fc8257fbf1","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server | | authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into | | authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration | | authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations | 
@@ -98,6 +100,8 @@ contributors across the globe, there is almost always someone available to help. | authentication.mutual.spire.install.server.labels | object | `{}` | SPIRE server labels | | authentication.mutual.spire.install.server.nodeSelector | object | `{}` | SPIRE server nodeSelector configuration ref: ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | authentication.mutual.spire.install.server.podSecurityContext | object | `{}` | Security context to be added to spire server pods. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | +| authentication.mutual.spire.install.server.priorityClassName | string | `""` | The priority class to use for the spire server | +| authentication.mutual.spire.install.server.resources | object | `{}` | container resource limits & requests | | authentication.mutual.spire.install.server.securityContext | object | `{}` | Security context to be added to spire server containers. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | | authentication.mutual.spire.install.server.service.annotations | object | `{}` | Annotations to be added to the SPIRE server service | | authentication.mutual.spire.install.server.service.labels | object | `{}` | Labels to be added to the SPIRE server service | 
@@ -113,29 +117,34 @@ contributors across the globe, there is almost always someone available to help. | bandwidthManager | object | `{"bbr":false,"enabled":false}` | Enable bandwidth manager to optimize TCP and UDP workloads and allow for rate-limiting traffic from individual Pods with EDT (Earliest Departure Time) through the "kubernetes.io/egress-bandwidth" Pod annotation. | | bandwidthManager.bbr | bool | `false` | Activate BBR TCP congestion control for Pods | | bandwidthManager.enabled | bool | `false` | Enable bandwidth manager infrastructure (also prerequirement for BBR) | -| bgp | object | `{"announce":{"loadbalancerIP":false,"podCIDR":false},"enabled":false}` | Configure BGP | -| bgp.announce.loadbalancerIP | bool | `false` | Enable allocation and announcement of service LoadBalancer IPs | -| bgp.announce.podCIDR | bool | `false` | Enable announcement of node pod CIDR | -| bgp.enabled | bool | `false` | Enable BGP support inside Cilium; embeds a new ConfigMap for BGP inside cilium-agent and cilium-operator | -| bgpControlPlane | object | `{"enabled":false,"secretsNamespace":{"create":false,"name":"kube-system"}}` | This feature set enables virtual BGP routers to be created via CiliumBGPPeeringPolicy CRDs. | +| bgpControlPlane | object | `{"enabled":false,"secretsNamespace":{"create":false,"name":"kube-system"},"statusReport":{"enabled":true}}` | This feature set enables virtual BGP routers to be created via CiliumBGPPeeringPolicy CRDs. | | bgpControlPlane.enabled | bool | `false` | Enables the BGP control plane. | | bgpControlPlane.secretsNamespace | object | `{"create":false,"name":"kube-system"}` | SecretsNamespace is the namespace which BGP support will retrieve secrets from. | | bgpControlPlane.secretsNamespace.create | bool | `false` | Create secrets namespace for BGP secrets. 
| | bgpControlPlane.secretsNamespace.name | string | `"kube-system"` | The name of the secret namespace to which Cilium agents are given read access | +| bgpControlPlane.statusReport | object | `{"enabled":true}` | Status reporting settings (BGPv2 only) | +| bgpControlPlane.statusReport.enabled | bool | `true` | Enable/Disable BGPv2 status reporting It is recommended to enable status reporting in general, but if you have any issue such as high API server load, you can disable it by setting this to false. | | bpf.authMapMax | int | `524288` | Configure the maximum number of entries in auth map. | | bpf.autoMount.enabled | bool | `true` | Enable automatic mount of BPF filesystem When `autoMount` is enabled, the BPF filesystem is mounted at `bpf.root` path on the underlying host and inside the cilium agent pod. If users disable `autoMount`, it's expected that users have mounted bpffs filesystem at the specified `bpf.root` volume, and then the volume will be mounted inside the cilium agent pod at the same path. | +| bpf.ctAccounting | bool | `false` | Enable CT accounting for packets and bytes | | bpf.ctAnyMax | int | `262144` | Configure the maximum number of entries for the non-TCP connection tracking table. | | bpf.ctTcpMax | int | `524288` | Configure the maximum number of entries in the TCP connection tracking table. | | bpf.datapathMode | string | `veth` | Mode for Pod devices for the core datapath (veth, netkit, netkit-l2, lb-only) | | bpf.disableExternalIPMitigation | bool | `false` | Disable ExternalIP mitigation (CVE-2020-8554) | | bpf.enableTCX | bool | `true` | Attach endpoint programs using tcx instead of legacy tc hooks on supported kernels. | -| bpf.events | object | `{"drop":{"enabled":true},"policyVerdict":{"enabled":true},"trace":{"enabled":true}}` | Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble. 
| +| bpf.events | object | `{"default":{"burstLimit":null,"rateLimit":null},"drop":{"enabled":true},"policyVerdict":{"enabled":true},"trace":{"enabled":true}}` | Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble. Helm configuration for BPF events map rate limiting is experimental and might change in upcoming releases. | +| bpf.events.default | object | `{"burstLimit":null,"rateLimit":null}` | Default settings for all types of events except dbg and pcap. | +| bpf.events.default.burstLimit | int | `0` | Configure the maximum number of messages that can be written to BPF events map in 1 second. If burstLimit is greater than 0, non-zero value for rateLimit must also be provided lest the configuration is considered invalid. Setting both burstLimit and rateLimit to 0 disables BPF events rate limiting. | +| bpf.events.default.rateLimit | int | `0` | Configure the limit of messages per second that can be written to BPF events map. The number of messages is averaged, meaning that if no messages were written to the map over 5 seconds, it's possible to write more events in the 6th second. If rateLimit is greater than 0, non-zero value for burstLimit must also be provided lest the configuration is considered invalid. Setting both burstLimit and rateLimit to 0 disables BPF events rate limiting. | | bpf.events.drop.enabled | bool | `true` | Enable drop events. | | bpf.events.policyVerdict.enabled | bool | `true` | Enable policy verdict events. | | bpf.events.trace.enabled | bool | `true` | Enable trace events. | | bpf.hostLegacyRouting | bool | `false` | Configure whether direct routing mode should route traffic via host stack (true) or directly and more efficiently out of BPF (false) if the kernel supports it. The latter has the implication that it will also bypass netfilter in the host namespace. 
| +| bpf.lbAlgorithmAnnotation | bool | `false` | Enable the option to define the load balancing algorithm on a per-service basis through service.cilium.io/lb-algorithm annotation. | | bpf.lbExternalClusterIP | bool | `false` | Allow cluster external access to ClusterIP services. | | bpf.lbMapMax | int | `65536` | Configure the maximum number of service entries in the load balancer maps. | +| bpf.lbModeAnnotation | bool | `false` | Enable the option to define the load balancing mode (SNAT or DSR) on a per-service basis through service.cilium.io/forwarding-mode annotation. | +| bpf.lbSourceRangeAllTypes | bool | `false` | Enable loadBalancerSourceRanges CIDR filtering for all service types, not just LoadBalancer services. The corresponding NodePort and ClusterIP (if enabled for cluster-external traffic) will also apply the CIDR filter. | | bpf.mapDynamicSizeRatio | float64 | `0.0025` | Configure auto-sizing for all BPF maps based on available memory. ref: https://docs.cilium.io/en/stable/network/ebpf/maps/ | | bpf.masquerade | bool | `false` | Enable native IP masquerade support in eBPF | | bpf.monitorAggregation | string | `"medium"` | Configure the level of aggregation for monitor notifications. Valid options are none, low, medium, maximum. | 
@@ -147,15 +156,18 @@ contributors across the globe, there is almost always someone available to help. | bpf.policyMapMax | int | `16384` | Configure the maximum number of entries in endpoint policy map (per endpoint). @schema type: [null, integer] @schema | | bpf.preallocateMaps | bool | `false` | Enables pre-allocation of eBPF map values. This increases memory usage but can reduce latency. | | bpf.root | string | `"/sys/fs/bpf"` | Configure the mount point for the BPF filesystem | -| bpf.tproxy | bool | `false` | Configure the eBPF-based TPROXY to reduce reliance on iptables rules for implementing Layer 7 policy. | +| bpf.tproxy | bool | `false` | Configure the eBPF-based TPROXY (beta) to reduce reliance on iptables rules for implementing Layer 7 policy. | | bpf.vlanBypass | list | `[]` | Configure explicitly allowed VLAN id's for bpf logic bypass. [0] will allow all VLAN id's without any filtering. | | bpfClockProbe | bool | `false` | Enable BPF clock source probing for more efficient tick retrieval. | -| certgen | object | `{"affinity":{},"annotations":{"cronJob":{},"job":{}},"extraVolumeMounts":[],"extraVolumes":[],"image":{"digest":"sha256:169d93fd8f2f9009db3b9d5ccd37c2b753d0989e1e7cd8fe79f9160c459eef4f","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/certgen","tag":"v0.2.0","useDigest":true},"podLabels":{},"tolerations":[],"ttlSecondsAfterFinished":1800}` | Configure certificate generation for Hubble integration. If hubble.tls.auto.method=cronJob, these values are used for the Kubernetes CronJob which will be scheduled regularly to (re)generate any certificates not provided manually. 
| +| certgen | object | `{"affinity":{},"annotations":{"cronJob":{},"job":{}},"extraVolumeMounts":[],"extraVolumes":[],"generateCA":true,"image":{"digest":"sha256:ab6b1928e9c5f424f6b0f51c68065b9fd85e2f8d3e5f21fbd1a3cb27e6fb9321","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/certgen","tag":"v0.2.1","useDigest":true},"nodeSelector":{},"podLabels":{},"priorityClassName":"","tolerations":[],"ttlSecondsAfterFinished":1800}` | Configure certificate generation for Hubble integration. If hubble.tls.auto.method=cronJob, these values are used for the Kubernetes CronJob which will be scheduled regularly to (re)generate any certificates not provided manually. | | certgen.affinity | object | `{}` | Affinity for certgen | | certgen.annotations | object | `{"cronJob":{},"job":{}}` | Annotations to be added to the hubble-certgen initial Job and CronJob | | certgen.extraVolumeMounts | list | `[]` | Additional certgen volumeMounts. | | certgen.extraVolumes | list | `[]` | Additional certgen volumes. | +| certgen.generateCA | bool | `true` | When set to true the certificate authority secret is created. | +| certgen.nodeSelector | object | `{}` | Node selector for certgen ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | certgen.podLabels | object | `{}` | Labels to be added to hubble-certgen pods | +| certgen.priorityClassName | string | `""` | Priority class for certgen ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass | | certgen.tolerations | list | `[]` | Node tolerations for pod assignment on nodes with taints ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | certgen.ttlSecondsAfterFinished | int | `1800` | Seconds after which the completed job pod will be deleted | | cgroup | object | `{"autoMount":{"enabled":true,"resources":{}},"hostRoot":"/run/cilium/cgroupv2"}` | Configure cgroup related configuration | 
@@ -163,7 +175,8 @@ contributors across the globe, there is almost always someone available to help. | cgroup.autoMount.resources | object | `{}` | Init Container Cgroup Automount resource limits & requests | | cgroup.hostRoot | string | `"/run/cilium/cgroupv2"` | Configure cgroup root where cgroup2 filesystem is mounted on the host (see also: `cgroup.autoMount`) | | ciliumEndpointSlice.enabled | bool | `false` | Enable Cilium EndpointSlice feature. | -| ciliumEndpointSlice.rateLimits | list | `[{"burst":20,"limit":10,"nodes":0},{"burst":15,"limit":7,"nodes":100},{"burst":10,"limit":5,"nodes":500}]` | List of rate limit options to be used for the CiliumEndpointSlice controller. Each object in the list must have the following fields: nodes: Count of nodes at which to apply the rate limit. limit: The sustained request rate in requests per second. The maximum rate that can be configured is 50. burst: The burst request rate in requests per second. The maximum burst that can be configured is 100. | +| ciliumEndpointSlice.rateLimits | list | `[{"burst":20,"limit":10,"nodes":0},{"burst":100,"limit":50,"nodes":100}]` | List of rate limit options to be used for the CiliumEndpointSlice controller. Each object in the list must have the following fields: nodes: Count of nodes at which to apply the rate limit. limit: The sustained request rate in requests per second. The maximum rate that can be configured is 50. burst: The burst request rate in requests per second. The maximum burst that can be configured is 100. | +| ciliumEndpointSlice.sliceMode | string | `"identity"` | The slicing mode to use for CiliumEndpointSlices. identity groups together CiliumEndpoints that share the same identity. fcfs groups together CiliumEndpoints in a first-come-first-serve basis, filling in the largest non-full slice first. | | cleanBpfState | bool | `false` | Clean all eBPF datapath state from the initContainer of the cilium-agent DaemonSet. WARNING: Use with care! 
| | cleanState | bool | `false` | Clean all local Cilium state from the initContainer of the cilium-agent DaemonSet. Implies cleanBpfState: true. WARNING: Use with care! | | cluster.id | int | `0` | Unique ID of the cluster. Must be unique across all connected clusters and in the range of 1 to 255. Only required for Cluster Mesh, may be 0 if Cluster Mesh is not used. | @@ -182,7 +195,7 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. | | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. | | clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. | -| clustermesh.apiserver.image | object | `{"digest":"sha256:8e7eda5b194d45c3b1607f5bf31cbb3fecd0f1cf85ce32b41f93b2bd832bf02f","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.16.7","useDigest":true}` | Clustermesh API server image. | +| clustermesh.apiserver.image | object | `{"digest":"sha256:1de22f46bfdd638de72c2224d5223ddc3bbeacda1803cb75799beca3d4bf7a4c","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.1","useDigest":true}` | Clustermesh API server image. | | clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. | | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. | | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. | 
@@ -224,12 +237,13 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.replicas | int | `1` | Number of replicas run for the clustermesh-apiserver deployment. | | clustermesh.apiserver.resources | object | `{}` | Resource requests and limits for the clustermesh-apiserver | | clustermesh.apiserver.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | Security context to be added to clustermesh-apiserver containers | -| clustermesh.apiserver.service.annotations | object | `{}` | Annotations for the clustermesh-apiserver For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal" For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: "true" | +| clustermesh.apiserver.service.annotations | object | `{}` | Annotations for the clustermesh-apiserver service. Example annotations to configure an internal load balancer on different cloud providers: * AKS: service.beta.kubernetes.io/azure-load-balancer-internal: "true" * EKS: service.beta.kubernetes.io/aws-load-balancer-scheme: "internal" * GKE: networking.gke.io/load-balancer-type: "Internal" | | clustermesh.apiserver.service.enableSessionAffinity | string | `"HAOnly"` | Defines when to enable session affinity. Each replica in a clustermesh-apiserver deployment runs its own discrete etcd cluster. Remote clients connect to one of the replicas through a shared Kubernetes Service. A client reconnecting to a different backend will require a full resync to ensure data integrity. Session affinity can reduce the likelihood of this happening, but may not be supported by all cloud providers. Possible values: - "HAOnly" (default) Only enable session affinity for deployments with more than 1 replica. - "Always" Always enable session affinity. - "Never" Never enable session affinity. 
Useful in environments where session affinity is not supported, but may lead to slightly degraded performance due to more frequent reconnections. | | clustermesh.apiserver.service.externalTrafficPolicy | string | `"Cluster"` | The externalTrafficPolicy of service used for apiserver access. | | clustermesh.apiserver.service.internalTrafficPolicy | string | `"Cluster"` | The internalTrafficPolicy of service used for apiserver access. | | clustermesh.apiserver.service.loadBalancerClass | string | `nil` | Configure a loadBalancerClass. Allows to configure the loadBalancerClass on the clustermesh-apiserver LB service in case the Service type is set to LoadBalancer (requires Kubernetes 1.24+). | | clustermesh.apiserver.service.loadBalancerIP | string | `nil` | Configure a specific loadBalancerIP. Allows to configure a specific loadBalancerIP on the clustermesh-apiserver LB service in case the Service type is set to LoadBalancer. | +| clustermesh.apiserver.service.loadBalancerSourceRanges | list | `[]` | Configure loadBalancerSourceRanges. Allows to configure the source IP ranges allowed to access the clustermesh-apiserver LB service in case the Service type is set to LoadBalancer. | | clustermesh.apiserver.service.nodePort | int | `32379` | Optional port to use as the node port for apiserver access. WARNING: make sure to configure a different NodePort in each cluster if kube-proxy replacement is enabled, as Cilium is currently affected by a known bug (#24692) when NodePorts are handled by the KPR implementation. If a service with the same NodePort exists both in the local and the remote cluster, all traffic originating from inside the cluster and targeting the corresponding NodePort will be redirected to a local backend, regardless of whether the destination node belongs to the local or the remote cluster. | | clustermesh.apiserver.service.type | string | `"NodePort"` | The type of service used for apiserver access. 
| | clustermesh.apiserver.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for the clustermesh-apiserver deployment | @@ -270,6 +284,7 @@ contributors across the globe, there is almost always someone available to help. | cni.logFile | string | `"/var/run/cilium/cilium-cni.log"` | Configure the log file for CNI logging with retention policy of 7 days. Disable CNI file logging by setting this field to empty explicitly. | | cni.resources | object | `{"requests":{"cpu":"100m","memory":"10Mi"}}` | Specifies the resources for the cni initContainer | | cni.uninstall | bool | `false` | Remove the CNI configuration and binary files on agent shutdown. Enable this if you're removing Cilium from the cluster. Disable this to prevent the CNI configuration file from being removed during agent upgrade, which can cause nodes to go unmanageable. | +| commonLabels | object | `{}` | commonLabels allows users to add common labels for all Cilium resources. | | conntrackGCInterval | string | `"0s"` | Configure how frequently garbage collection should occur for the datapath connection tracking table. | | conntrackGCMaxInterval | string | `""` | Configure the maximum frequency for the garbage collection of the connection tracking table. Only affects the automatic computation for the frequency and has no effect when 'conntrackGCInterval' is set. This can be set to more frequently clean up unused identities created from ToFQDN policies. | | crdWaitTimeout | string | `"5m"` | Configure timeout in which Cilium will exit if CRDs are not available | 
@@ -278,16 +293,18 @@ contributors across the globe, there is almost always someone available to help. | daemon.allowedConfigOverrides | string | `nil` | allowedConfigOverrides is a list of config-map keys that can be overridden. That is to say, if this value is set, config sources (excepting the first one) can only override keys in this list. This takes precedence over blockedConfigOverrides. By default, all keys may be overridden. To disable overrides, set this to "none" or change the configSources variable. | | daemon.blockedConfigOverrides | string | `nil` | blockedConfigOverrides is a list of config-map keys that may not be overridden. In other words, if any of these keys appear in a configuration source excepting the first one, they will be ignored This is ignored if allowedConfigOverrides is set. By default, all keys may be overridden. | | daemon.configSources | string | `nil` | Configure a custom list of possible configuration override sources The default is "config-map:cilium-config,cilium-node-config". For supported values, see the help text for the build-config subcommand. Note that this value should be a comma-separated string. | +| daemon.enableSourceIPVerification | bool | `true` | enableSourceIPVerification is a boolean flag to enable or disable the Source IP verification of endpoints. This flag is useful when Cilium is chained with other CNIs. By default, this functionality is enabled | | daemon.runPath | string | `"/var/run/cilium"` | Configure where Cilium runtime state should be stored. 
| | dashboards | object | `{"annotations":{},"enabled":false,"label":"grafana_dashboard","labelValue":"1","namespace":null}` | Grafana dashboards for cilium-agent grafana can import dashboards based on the label and value ref: https://github.com/grafana/helm-charts/tree/main/charts/grafana#sidecar-for-dashboards | | debug.enabled | bool | `false` | Enable debug logging | | debug.verbose | string | `nil` | Configure verbosity levels for debug logging This option is used to enable debug messages for operations related to such sub-system such as (e.g. kvstore, envoy, datapath or policy), and flow is for enabling debug messages emitted per request, message and connection. Multiple values can be set via a space-separated string (e.g. "datapath envoy"). Applicable values: - flow - kvstore - envoy - datapath - policy | +| defaultLBServiceIPAM | string | `"lbipam"` | defaultLBServiceIPAM indicates the default LoadBalancer Service IPAM when no LoadBalancer class is set. Applicable values: lbipam, nodeipam, none @schema type: [string] @schema | | directRoutingSkipUnreachable | bool | `false` | Enable skipping of PodCIDR routes between worker nodes if the worker nodes are in a different L2 network segment. | | disableEndpointCRD | bool | `false` | Disable the usage of CiliumEndpoint CRD. | | dnsPolicy | string | `""` | DNS policy for Cilium agent pods. Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | | dnsProxy.dnsRejectResponseCode | string | `"refused"` | DNS response code for rejecting DNS requests, available options are '[nameError refused]'. | | dnsProxy.enableDnsCompression | bool | `true` | Allow the DNS proxy to compress responses to endpoints that are larger than 512 Bytes or the EDNS0 option, if present. | -| dnsProxy.endpointMaxIpPerHostname | int | `50` | Maximum number of IPs to maintain per FQDN name for each endpoint. 
| +| dnsProxy.endpointMaxIpPerHostname | int | `1000` | Maximum number of IPs to maintain per FQDN name for each endpoint. | | dnsProxy.idleConnectionGracePeriod | string | `"0s"` | Time during which idle but previously active connections with expired DNS lookups are still considered alive. | | dnsProxy.maxDeferredConnectionDeletes | int | `10000` | Maximum number of IPs to retain for expired DNS lookups with still-active connections. | | dnsProxy.minTtl | int | `0` | The minimum time, in seconds, to use DNS data for toFQDNs policies. If the upstream DNS server returns a DNS record with a shorter TTL, Cilium overwrites the TTL with this value. Setting this value to zero means that Cilium will honor the TTLs returned by the upstream DNS server. | 
@@ -303,8 +320,11 @@ contributors across the globe, there is almost always someone available to help. | enableIPv4Masquerade | bool | `true` | Enables masquerading of IPv4 traffic leaving the node from endpoints. | | enableIPv6BIGTCP | bool | `false` | Enables IPv6 BIG TCP support which increases maximum IPv6 GSO/GRO limits for nodes and pods | | enableIPv6Masquerade | bool | `true` | Enables masquerading of IPv6 traffic leaving the node from endpoints. | +| enableInternalTrafficPolicy | bool | `true` | Enable Internal Traffic Policy | | enableK8sTerminatingEndpoint | bool | `true` | Configure whether to enable auto detect of terminating state for endpoints in order to support graceful termination. | +| enableLBIPAM | bool | `true` | Enable LoadBalancer IP Address Management | | enableMasqueradeRouteSource | bool | `false` | Enables masquerading to the source of the route for traffic leaving the node from endpoints. | +| enableNonDefaultDenyPolicies | bool | `true` | Enable Non-Default-Deny policies | | enableRuntimeDeviceDetection | bool | `true` | Enables experimental support for the detection of new and removed datapath devices. When devices change the eBPF datapath is reloaded and services updated. If "devices" is set then only those devices, or devices matching a wildcard will be considered. This option has been deprecated and is a no-op. | | enableXTSocketFallback | bool | `true` | Enables the fallback compatibility solution for when the xt_socket kernel module is missing and it is needed for the datapath L7 redirection to work properly. See documentation for details on when this can be disabled: https://docs.cilium.io/en/stable/operations/system_requirements/#linux-kernel. | | encryption.enabled | bool | `false` | Enable transparent network encryption. | 
@@ -322,8 +342,8 @@ contributors across the globe, there is almost always someone available to help. | encryption.strictMode.enabled | bool | `false` | Enable WireGuard Pod2Pod strict mode. | | encryption.type | string | `"ipsec"` | Encryption method. Can be either ipsec or wireguard. | | encryption.wireguard.persistentKeepalive | string | `"0s"` | Controls WireGuard PersistentKeepalive option. Set 0s to disable. | -| encryption.wireguard.userspaceFallback | bool | `false` | Enables the fallback to the user-space implementation (deprecated). | | endpointHealthChecking.enabled | bool | `true` | Enable connectivity health checking between virtual endpoints. | +| endpointLockdownOnMapOverflow | bool | `false` | Enable endpoint lockdown on policy map overflow. | | endpointRoutes.enabled | bool | `false` | Enable use of per endpoint routes instead of routing via the cilium_host interface. | | eni.awsEnablePrefixDelegation | bool | `false` | Enable ENI prefix delegation | | eni.awsReleaseExcessIPs | bool | `false` | Release IPs not used from the ENI | 
@@ -340,6 +360,7 @@ contributors across the globe, there is almost always someone available to help. | envoy.affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"cilium.io/no-schedule","operator":"NotIn","values":["true"]}]}]}},"podAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium"}},"topologyKey":"kubernetes.io/hostname"}]},"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium-envoy"}},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for cilium-envoy. | | envoy.annotations | object | `{}` | Annotations to be added to all top-level cilium-envoy objects (resources under templates/cilium-envoy) | | envoy.baseID | int | `0` | Set Envoy'--base-id' to use when allocating shared memory regions. Only needs to be changed if multiple Envoy instances will run on the same node and may have conflicts. Supported values: 0 - 4294967295. Defaults to '0' | +| envoy.bootstrapConfigMap | string | `nil` | ADVANCED OPTION: Bring your own custom Envoy bootstrap ConfigMap. Provide the name of a ConfigMap with a `bootstrap-config.json` key. When specified, Envoy will use this ConfigMap instead of the default provided by the chart. WARNING: Use of this setting has the potential to prevent cilium-envoy from starting up, and can cause unexpected behavior (e.g. due to syntax error or semantically incorrect configuration). Before submitting an issue, please ensure you have disabled this feature, as support cannot be provided for custom Envoy bootstrap configs. @schema type: [null, string] @schema | | envoy.connectTimeoutSeconds | int | `2` | Time in seconds after which a TCP connection attempt times out | | envoy.debug.admin.enabled | bool | `false` | Enable admin interface for cilium-envoy. This is useful for debugging and should not be enabled in production. 
| | envoy.debug.admin.port | int | `9901` | Port number (bound to loopback interface). kubectl port-forward can be used to access the admin interface. | 
@@ -352,14 +373,18 @@ contributors across the globe, there is almost always someone available to help. | envoy.extraVolumeMounts | list | `[]` | Additional envoy volumeMounts. | | envoy.extraVolumes | list | `[]` | Additional envoy volumes. | | envoy.healthPort | int | `9878` | TCP port for the health API. | +| envoy.httpRetryCount | int | `3` | Maximum number of retries for each HTTP request | | envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s | | envoy.image | object | `{"digest":"sha256:fc708bd36973d306412b2e50c924cd8333de67e0167802c9b48506f9d772f521","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.31.5-1739264036-958bef243c6c66fcfd73ca319f2eb49fff1eb2ae","useDigest":true}` | Envoy container image. | | envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out | | envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe | | envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe | | envoy.log.accessLogBufferSize | int | `4096` | Size of the Envoy access log buffer created within the agent in bytes. Tune this value up if you encounter "Envoy: Discarded truncated access log message" errors. Large request/response header sizes (e.g. 16KiB) will require a larger buffer size. | -| envoy.log.format | string | `"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"` | The format string to use for laying out the log message metadata of Envoy. | +| envoy.log.defaultLevel | string | Defaults to the default log level of the Cilium Agent - `info` | Default log level of Envoy application log that is configured if Cilium debug / verbose logging isn't enabled. This option allows to have a different log level than the Cilium Agent - e.g. lower it to `critical`. 
Possible values: trace, debug, info, warning, error, critical, off | +| envoy.log.format | string | `"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"` | The format string to use for laying out the log message metadata of Envoy. If specified, Envoy will use text format output. This setting is mutually exclusive with envoy.log.format_json. | +| envoy.log.format_json | string | `nil` | The JSON logging format to use for Envoy. This setting is mutually exclusive with envoy.log.format. ref: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/bootstrap/v3/bootstrap.proto#envoy-v3-api-field-config-bootstrap-v3-bootstrap-applicationlogconfig-logformat-json-format | | envoy.log.path | string | `""` | Path to a separate Envoy log file, if any. Defaults to /dev/stdout. | +| envoy.maxConcurrentRetries | int | `128` | Maximum number of concurrent retries on Envoy clusters | | envoy.maxConnectionDurationSeconds | int | `0` | Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable) | | envoy.maxRequestsPerConnection | int | `0` | ProxyMaxRequestsPerConnection specifies the max_requests_per_connection setting for Envoy | | envoy.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for cilium-envoy. | 
@@ -426,6 +451,7 @@ contributors across the globe, there is almost always someone available to help. | gatewayAPI.secretsNamespace.sync | bool | `true` | Enable secret sync, which will make sure all TLS secrets used by Ingress are synced to secretsNamespace.name. If disabled, TLS secrets must be maintained externally. | | gatewayAPI.xffNumTrustedHops | int | `0` | The number of additional GatewayAPI proxy hops from the right side of the HTTP header to trust when determining the origin client's IP address. | | gke.enabled | bool | `false` | Enable Google Kubernetes Engine integration | +| healthCheckICMPFailureThreshold | int | `3` | Number of ICMP requests sent for each health check before marking a node or endpoint unreachable. | | healthChecking | bool | `true` | Enable connectivity health checking. | | healthPort | int | `9879` | TCP port for the agent health API. This is not the port for cilium-health. | | highScaleIPcache | object | `{"enabled":false}` | EnableHighScaleIPcache enables the special ipcache mode for high scale clusters. The ipcache content will be reduced to the strict minimum and traffic will be encapsulated to carry security identities. | 
@@ -447,8 +473,11 @@ contributors across the globe, there is almost always someone available to help. | hubble.export.fileMaxSizeMb | int | `10` | - Defines max file size of output file before it gets rotated. | | hubble.export.static | object | `{"allowList":[],"denyList":[],"enabled":false,"fieldMask":[],"filePath":"/var/run/cilium/hubble/events.log"}` | - Static exporter configuration. Static exporter is bound to agent lifecycle. | | hubble.listenAddress | string | `":4244"` | An additional address for Hubble to listen to. Set this field ":4244" if you are enabling Hubble Relay, as it assumes that Hubble is listening on port 4244. | -| hubble.metrics | object | `{"dashboards":{"annotations":{},"enabled":false,"label":"grafana_dashboard","labelValue":"1","namespace":null},"enableOpenMetrics":false,"enabled":null,"port":9965,"serviceAnnotations":{},"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}],"tlsConfig":{}},"tls":{"enabled":false,"server":{"cert":"","existingSecret":"","extraDnsNames":[],"extraIpAddresses":[],"key":"","mtls":{"enabled":false,"key":"ca.crt","name":null,"useSecret":false}}}}` | Hubble metrics configuration. See https://docs.cilium.io/en/stable/observability/metrics/#hubble-metrics for more comprehensive documentation about Hubble metrics. 
| +| hubble.metrics | object | `{"dashboards":{"annotations":{},"enabled":false,"label":"grafana_dashboard","labelValue":"1","namespace":null},"dynamic":{"config":{"configMapName":"cilium-dynamic-metrics-config","content":[{"contextOptions":[],"excludeFilters":[],"includeFilters":[],"name":"all"}],"createConfigMap":true},"enabled":false},"enableOpenMetrics":false,"enabled":null,"port":9965,"serviceAnnotations":{},"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}],"tlsConfig":{}},"tls":{"enabled":false,"server":{"cert":"","existingSecret":"","extraDnsNames":[],"extraIpAddresses":[],"key":"","mtls":{"enabled":false,"key":"ca.crt","name":null,"useSecret":false}}}}` | Hubble metrics configuration. See https://docs.cilium.io/en/stable/observability/metrics/#hubble-metrics for more comprehensive documentation about Hubble metrics. | | hubble.metrics.dashboards | object | `{"annotations":{},"enabled":false,"label":"grafana_dashboard","labelValue":"1","namespace":null}` | Grafana dashboards for hubble grafana can import dashboards based on the label and value ref: https://github.com/grafana/helm-charts/tree/main/charts/grafana#sidecar-for-dashboards | +| hubble.metrics.dynamic.config.configMapName | string | `"cilium-dynamic-metrics-config"` | -- Name of configmap with configuration that may be altered to reconfigure metric handlers within a running agent. | +| hubble.metrics.dynamic.config.content | list | `[{"contextOptions":[],"excludeFilters":[],"includeFilters":[],"name":"all"}]` | -- Exporters configuration in YAML format. | +| hubble.metrics.dynamic.config.createConfigMap | bool | `true` | -- True if helm installer should create config map. Switch to false if you want to self maintain the file content. 
| | hubble.metrics.enableOpenMetrics | bool | `false` | Enables exporting hubble metrics in OpenMetrics format. | | hubble.metrics.enabled | string | `nil` | Configures the list of metrics to collect. If empty or null, metrics are disabled. Example: enabled: - dns:query;ignoreAAAA - drop - tcp - flow - icmp - http You can specify the list of metrics from the helm CLI: --set hubble.metrics.enabled="{dns:query;ignoreAAAA,drop,tcp,flow,icmp,http}" | | hubble.metrics.port | int | `9965` | Configure the port the hubble metric server listens on. | 
@@ -479,14 +508,14 @@ contributors across the globe, there is almost always someone available to help. | hubble.redact.kafka.apiKey | bool | `false` | Enables redacting Kafka's API key. Example: redact: enabled: true kafka: apiKey: true You can specify the options from the helm CLI: --set hubble.redact.enabled="true" --set hubble.redact.kafka.apiKey="true" | | hubble.relay.affinity | object | `{"podAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium"}},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for hubble-replay | | hubble.relay.annotations | object | `{}` | Annotations to be added to all top-level hubble-relay objects (resources under templates/hubble-relay) | -| hubble.relay.dialTimeout | string | `nil` | Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s"). | +| hubble.relay.dialTimeout | string | `nil` | Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s"). This option has been deprecated and is a no-op. | | hubble.relay.enabled | bool | `false` | Enable Hubble Relay (requires hubble.enabled=true) | | hubble.relay.extraEnv | list | `[]` | Additional hubble-relay environment variables. | | hubble.relay.extraVolumeMounts | list | `[]` | Additional hubble-relay volumeMounts. | | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. | | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay | | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay | -| hubble.relay.image | object | `{"digest":"sha256:8f408ed921cd534394aa1c57b313741cec6aec03a14ea243b2173cbf2c88c91e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.16.7","useDigest":true}` | Hubble-relay container image. 
| +| hubble.relay.image | object | `{"digest":"sha256:397e8fbb188157f744390a7b272a1dec31234e605bcbe22d8919a166d202a3dc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.1","useDigest":true}` | Hubble-relay container image. | | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. | | hubble.relay.listenPort | string | `"4245"` | Port to listen to. | | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | @@ -514,7 +543,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.relay.securityContext | object | `{"capabilities":{"drop":["ALL"]},"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532}` | hubble-relay container security context | | hubble.relay.service | object | `{"nodePort":31234,"type":"ClusterIP"}` | hubble-relay service configuration. | | hubble.relay.service.nodePort | int | `31234` | - The port to use when the service type is set to NodePort. | -| hubble.relay.service.type | string | `"ClusterIP"` | - The type of service used for Hubble Relay access, either ClusterIP or NodePort. | +| hubble.relay.service.type | string | `"ClusterIP"` | - The type of service used for Hubble Relay access, either ClusterIP, NodePort or LoadBalancer. | | hubble.relay.sortBufferDrainTimeout | string | `nil` | When the per-request flows sort buffer is not full, a flow is drained every time this timeout is reached (only affects requests in follow-mode) (e.g. "1s"). | | hubble.relay.sortBufferLenMax | int | `nil` | Max number of flows that can be buffered for sorting before being sent to the client (per request) (e.g. 100). | | hubble.relay.terminationGracePeriodSeconds | int | `1` | Configure termination grace period for hubble relay Deployment. | 
@@ -568,6 +597,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.frontend.securityContext | object | `{}` | Hubble-ui frontend security context. | | hubble.ui.frontend.server.ipv6 | object | `{"enabled":true}` | Controls server listener for ipv6 | | hubble.ui.ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":["chart-example.local"],"labels":{},"tls":[]}` | hubble-ui ingress configuration. | +| hubble.ui.labels | object | `{}` | Additional labels to be added to 'hubble-ui' deployment object | | hubble.ui.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | hubble.ui.podAnnotations | object | `{}` | Annotations to be added to hubble-ui pods | | hubble.ui.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | 
@@ -590,9 +620,9 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.tolerations | list | `[]` | Node tolerations for pod assignment on nodes with taints ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | hubble.ui.topologySpreadConstraints | list | `[]` | Pod topology spread constraints for hubble-ui | | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. | -| identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). | +| identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). | | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. | -| image | object | `{"digest":"sha256:294d2432507fed393b26e9fbfacb25c2e37095578cb34dabac7312b66ed0782e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.7","useDigest":true}` | Agent container image. | +| image | object | `{"digest":"sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.1","useDigest":true}` | Agent container image. | | imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images | | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set | | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. | 
@@ -624,7 +654,9 @@ contributors across the globe, there is almost always someone available to help. | installNoConntrackIptablesRules | bool | `false` | Install Iptables rules to skip netfilter connection tracking on all pod traffic. This option is only effective when Cilium is running in direct routing and full KPR mode. Moreover, this option cannot be enabled when Cilium is running in a managed Kubernetes environment or in a chained CNI setup. | | ipMasqAgent | object | `{"enabled":false}` | Configure the eBPF-based ip-masq-agent | | ipam.ciliumNodeUpdateRate | string | `"15s"` | Maximum rate at which the CiliumNode custom resource is updated. | +| ipam.installUplinkRoutesForDelegatedIPAM | bool | `false` | Install ingress/egress routes through uplink on host for Pods when working with delegated IPAM plugin. | | ipam.mode | string | `"cluster-pool"` | Configure IP Address Management mode. ref: https://docs.cilium.io/en/stable/network/concepts/ipam/ | +| ipam.multiPoolPreAllocation | string | `""` | Pre-allocation settings for IPAM in Multi-Pool mode | | ipam.operator.autoCreateCiliumPodIPPools | object | `{}` | IP pools to auto-create in multi-pool IPAM mode. | | ipam.operator.clusterPoolIPv4MaskSize | int | `24` | IPv4 CIDR mask size to delegate to individual nodes for IPAM. | | ipam.operator.clusterPoolIPv4PodCIDRList | list | `["10.0.0.0/8"]` | IPv4 CIDR list range to delegate to individual nodes for IPAM. | 
@@ -632,6 +664,7 @@ contributors across the globe, there is almost always someone available to help. | ipam.operator.clusterPoolIPv6PodCIDRList | list | `["fd00::/104"]` | IPv6 CIDR list range to delegate to individual nodes for IPAM. | | ipam.operator.externalAPILimitBurstSize | int | `20` | The maximum burst size when rate limiting access to external APIs. Also known as the token bucket capacity. | | ipam.operator.externalAPILimitQPS | float | `4.0` | The maximum queries per second when rate limiting access to external APIs. Also known as the bucket refill rate, which is used to refill the bucket up to the burst size capacity. | +| iptablesRandomFully | bool | `false` | Configure iptables--random-fully. Disabled by default. View https://github.com/cilium/cilium/issues/13037 for more information. | | ipv4.enabled | bool | `true` | Enable IPv4 support. | | ipv4NativeRoutingCIDR | string | `""` | Allows to explicitly specify the IPv4 CIDR for native routing. When specified, Cilium assumes networking for this CIDR is preconfigured and hands traffic destined for that range to the Linux network stack without applying any SNAT. Generally speaking, specifying a native routing CIDR implies that Cilium can depend on the underlying networking stack to route packets to their destination. To offer a concrete example, if Cilium is configured to use direct routing and the Kubernetes CIDR is included in the native routing CIDR, the user must configure the routes to reach pods, either manually or by setting the auto-direct-node-routes flag. | | ipv6.enabled | bool | `false` | Enable IPv6 support. | 
@@ -639,11 +672,16 @@ contributors across the globe, there is almost always someone available to help. | k8s | object | `{"requireIPv4PodCIDR":false,"requireIPv6PodCIDR":false}` | Configure Kubernetes specific configuration | | k8s.requireIPv4PodCIDR | bool | `false` | requireIPv4PodCIDR enables waiting for Kubernetes to provide the PodCIDR range via the Kubernetes node resource | | k8s.requireIPv6PodCIDR | bool | `false` | requireIPv6PodCIDR enables waiting for Kubernetes to provide the PodCIDR range via the Kubernetes node resource | -| k8sClientRateLimit | object | `{"burst":null,"qps":null}` | Configure the client side rate limit for the agent and operator If the amount of requests to the Kubernetes API server exceeds the configured rate limit, the agent and operator will start to throttle requests by delaying them until there is budget or the request times out. | -| k8sClientRateLimit.burst | int | 10 for k8s up to 1.26. 20 for k8s version 1.27+ | The burst request rate in requests per second. The rate limiter will allow short bursts with a higher rate. | -| k8sClientRateLimit.qps | int | 5 for k8s up to 1.26. 10 for k8s version 1.27+ | The sustained request rate in requests per second. | +| k8sClientRateLimit | object | `{"burst":null,"operator":{"burst":null,"qps":null},"qps":null}` | Configure the client side rate limit for the agent If the amount of requests to the Kubernetes API server exceeds the configured rate limit, the agent will start to throttle requests by delaying them until there is budget or the request times out. | +| k8sClientRateLimit.burst | int | 20 | The burst request rate in requests per second. The rate limiter will allow short bursts with a higher rate. | +| k8sClientRateLimit.operator | object | `{"burst":null,"qps":null}` | Configure the client side rate limit for the Cilium Operator | +| k8sClientRateLimit.operator.burst | int | 200 | The burst request rate in requests per second. 
The rate limiter will allow short bursts with a higher rate. | +| k8sClientRateLimit.operator.qps | int | 100 | The sustained request rate in requests per second. | +| k8sClientRateLimit.qps | int | 10 | The sustained request rate in requests per second. | | k8sNetworkPolicy.enabled | bool | `true` | Enable support for K8s NetworkPolicy | -| k8sServiceHost | string | `""` | Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap (kubeadm-based clusters only) | +| k8sServiceHost | string | `""` | Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap | +| k8sServiceLookupConfigMapName | string | `""` | When `k8sServiceHost=auto`, allows to customize the configMap name. It defaults to `cluster-info`. | +| k8sServiceLookupNamespace | string | `""` | When `k8sServiceHost=auto`, allows to customize the namespace that contains `k8sServiceLookupConfigMapName`. It defaults to `kube-public`. | | k8sServicePort | string | `""` | Kubernetes service port | | keepDeprecatedLabels | bool | `false` | Keep the deprecated selector labels when deploying Cilium DaemonSet. | | keepDeprecatedProbes | bool | `false` | Keep the deprecated probes when deploying Cilium DaemonSet | 
@@ -659,8 +697,9 @@ contributors across the globe, there is almost always someone available to help. | l7Proxy | bool | `true` | Enable Layer 7 network policy. | | livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe | | livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe | -| loadBalancer | object | `{"acceleration":"disabled","l7":{"algorithm":"round_robin","backend":"disabled","ports":[]}}` | Configure service load balancing | +| loadBalancer | object | `{"acceleration":"disabled","experimental":false,"l7":{"algorithm":"round_robin","backend":"disabled","ports":[]}}` | Configure service load balancing | | loadBalancer.acceleration | string | `"disabled"` | acceleration is the option to accelerate service handling via XDP Applicable values can be: disabled (do not use XDP), native (XDP BPF program is run directly out of the networking driver's early receive path), or best-effort (use native mode XDP acceleration on devices that support it). | +| loadBalancer.experimental | bool | `false` | experimental enables support for the experimental load-balancing control-plane. | | loadBalancer.l7 | object | `{"algorithm":"round_robin","backend":"disabled","ports":[]}` | L7 LoadBalancer | | loadBalancer.l7.algorithm | string | `"round_robin"` | Default LB algorithm The default LB algorithm to be used for services, which can be overridden by the service annotation (e.g. service.cilium.io/lb-l7-algorithm) Applicable values: round_robin, least_request, random | | loadBalancer.l7.backend | string | `"disabled"` | Enable L7 service load balancing via envoy proxy. The request to a k8s service, which has specific annotation e.g. service.cilium.io/lb-l7, will be forwarded to the local backend proxy to be load balanced to the service endpoints. Please refer to docs for supported annotations for more configuration. Applicable values: - envoy: Enable L7 load balancing via envoy proxy. 
This will automatically set enable-envoy-config as well. - disabled: Disable L7 load balancing by way of service annotation. | @@ -671,6 +710,7 @@ contributors across the globe, there is almost always someone available to help. | monitor | object | `{"enabled":false}` | cilium-monitor sidecar. | | monitor.enabled | bool | `false` | Enable the cilium-monitor sidecar. | | name | string | `"cilium"` | Agent container name. | +| namespaceOverride | string | `""` | namespaceOverride allows to override the destination namespace for Cilium resources. This property allows to use Cilium as part of an Umbrella Chart with different targets. | | nat.mapStatsEntries | int | `32` | Number of the top-k SNAT map connections to track in Cilium statedb. | | nat.mapStatsInterval | string | `"30s"` | Interval between how often SNAT map is counted for stats. | | nat46x64Gateway | object | `{"enabled":false}` | Configure standalone NAT46/NAT64 gateway | 
@@ -719,7 +759,7 @@ contributors across the globe, there is almost always someone available to help. | operator.hostNetwork | bool | `true` | HostNetwork setting | | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. | | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. | -| operator.image | object | `{"alibabacloudDigest":"sha256:dbdc856303e1ab6734538e29791fdfc4fe2c1295fd7bbce8fa006cd3165f85c8","awsDigest":"sha256:110d922337bdbfc3cd4d7d71b85b2c8f72c1d9925e9b61b4cd73ff990799d7ba","azureDigest":"sha256:4e7e64cc505676d402c68043934e2c8efc75b294245514d7611a58d06b5e0f69","genericDigest":"sha256:25a41ac50bcebfb780ed2970e55a5ba1a5f26996850ed5a694dc69b312e0b5a0","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.16.7","useDigest":true}` | cilium-operator image. | +| operator.image | object | `{"alibabacloudDigest":"sha256:034b479fba340f9d98510e509c7ce1c36e8889a109d5f1c2240fcb0942bc772c","awsDigest":"sha256:da74748057c836471bfdc0e65bb29ba0edb82916ec4b99f6a4f002b2fcc849d6","azureDigest":"sha256:b9e3e3994f5fcf1832e1f344f3b3b544832851b1990f124b2c2c68e3ffe04a9b","genericDigest":"sha256:628becaeb3e4742a1c36c4897721092375891b58bae2bfcae48bbf4420aaee97","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.1","useDigest":true}` | cilium-operator image. | | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. | | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods | 
@@ -732,7 +772,7 @@ contributors across the globe, there is almost always someone available to help. | operator.pprof.enabled | bool | `false` | Enable pprof for cilium-operator | | operator.pprof.port | int | `6061` | Configure pprof listen port for cilium-operator | | operator.priorityClassName | string | `""` | The priority class to use for cilium-operator | -| operator.prometheus | object | `{"enabled":true,"port":9963,"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":null}}` | Enable prometheus metrics for cilium-operator on the configured port at /metrics | +| operator.prometheus | object | `{"enabled":true,"metricsService":false,"port":9963,"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":null}}` | Enable prometheus metrics for cilium-operator on the configured port at /metrics | | operator.prometheus.serviceMonitor.annotations | object | `{}` | Annotations to add to ServiceMonitor cilium-operator | | operator.prometheus.serviceMonitor.enabled | bool | `false` | Enable service monitors. This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) | | operator.prometheus.serviceMonitor.interval | string | `"10s"` | Interval for scrape metrics. | 
@@ -769,7 +809,7 @@ contributors across the globe, there is almost always someone available to help. | preflight.extraEnv | list | `[]` | Additional preflight environment variables. | | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. | | preflight.extraVolumes | list | `[]` | Additional preflight volumes. | -| preflight.image | object | `{"digest":"sha256:294d2432507fed393b26e9fbfacb25c2e37095578cb34dabac7312b66ed0782e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.7","useDigest":true}` | Cilium pre-flight image. | +| preflight.image | object | `{"digest":"sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.1","useDigest":true}` | Cilium pre-flight image. | | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods | | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | 
@@ -788,7 +828,7 @@ contributors across the globe, there is almost always someone available to help. | preflight.updateStrategy | object | `{"type":"RollingUpdate"}` | preflight update strategy | | preflight.validateCNPs | bool | `true` | By default we should always validate the installed CNPs before upgrading Cilium. This will make sure the user will have the policies deployed in the cluster with the right schema. | | priorityClassName | string | `""` | The priority class to use for cilium-agent. | -| prometheus | object | `{"controllerGroupMetrics":["write-cni-file","sync-host-ips","sync-lb-maps-with-k8s-services"],"enabled":false,"metrics":null,"port":9962,"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}],"trustCRDsExist":false}}` | Configure prometheus metrics on the configured port at /metrics | +| prometheus | object | `{"controllerGroupMetrics":["write-cni-file","sync-host-ips","sync-lb-maps-with-k8s-services"],"enabled":false,"metrics":null,"metricsService":false,"port":9962,"serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","jobLabel":"","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}],"trustCRDsExist":false}}` | Configure prometheus metrics on the configured port at /metrics | | prometheus.controllerGroupMetrics | list | `["write-cni-file","sync-host-ips","sync-lb-maps-with-k8s-services"]` | - Enable controller group metrics for monitoring specific Cilium subsystems. The list is a list of controller group names. The special values of "all" and "none" are supported. The set of controller group names is not guaranteed to be stable between Cilium versions. 
| | prometheus.metrics | string | `nil` | Metrics that should be enabled or disabled from the default metric list. The list is expected to be separated by a space. (+metric_foo to enable metric_foo , -metric_bar to disable metric_bar). ref: https://docs.cilium.io/en/stable/observability/metrics/ | | prometheus.serviceMonitor.annotations | object | `{}` | Annotations to add to ServiceMonitor cilium-agent | @@ -806,6 +846,8 @@ contributors across the globe, there is almost always someone available to help. | resources | object | `{}` | Agent resource limits & requests ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | | rollOutCiliumPods | bool | `false` | Roll out cilium agent pods automatically when configmap is updated. | | routingMode | string | `"tunnel"` | Enable native-routing mode or tunneling mode. Possible values: - "" - native - tunnel | +| scheduling | object | `{"mode":"anti-affinity"}` | Scheduling configurations for cilium pods | +| scheduling.mode | string | Defaults to apply a pod anti-affinity rule to the agent pod - `anti-affinity` | Mode specifies how Cilium daemonset pods should be scheduled to Nodes. `anti-affinity` mode applies a pod anti-affinity rule to the cilium daemonset. Pod anti-affinity may significantly impact scheduling throughput for large clusters. See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity `kube-scheduler` mode forgoes the anti-affinity rule for full scheduling throughput. Kube-scheduler avoids host port conflict when scheduling pods. | | sctp | object | `{"enabled":false}` | SCTP Configuration Values | | sctp.enabled | bool | `false` | Enable SCTP support. NOTE: Currently, SCTP support does not support rewriting ports or multihoming. | | securityContext.capabilities.applySysctlOverwrites | list | `["SYS_ADMIN","SYS_CHROOT","SYS_PTRACE"]` | capabilities for the `apply-sysctl-overwrites` init container | 
@@ -829,7 +871,7 @@ contributors across the globe, there is almost always someone available to help. | sysctlfix | object | `{"enabled":true}` | Configure sysctl override described in #20072. | | sysctlfix.enabled | bool | `true` | Enable the sysctl override. When enabled, the init container will mount the /proc of the host so that the `sysctlfix` utility can execute. | | terminationGracePeriodSeconds | int | `1` | Configure termination grace period for cilium-agent DaemonSet. | -| tls | object | `{"ca":{"cert":"","certValidityDuration":1095,"key":""},"caBundle":{"enabled":false,"key":"ca.crt","name":"cilium-root-ca.crt","useSecret":false},"secretsBackend":"local"}` | Configure TLS configuration in the agent. | +| tls | object | `{"ca":{"cert":"","certValidityDuration":1095,"key":""},"caBundle":{"enabled":false,"key":"ca.crt","name":"cilium-root-ca.crt","useSecret":false},"readSecretsOnlyFromSecretsNamespace":null,"secretSync":{"enabled":null},"secretsBackend":null,"secretsNamespace":{"create":true,"name":"cilium-secrets"}}` | Configure TLS configuration in the agent. | | tls.ca | object | `{"cert":"","certValidityDuration":1095,"key":""}` | Base64 encoded PEM values for the CA certificate and private key. This can be used as common CA to generate certificates used by hubble and clustermesh components. It is neither required nor used when cert-manager is used to generate the certificates. | | tls.ca.cert | string | `""` | Optional CA cert. If it is provided, it will be used by cilium to generate all other certificates. Otherwise, an ephemeral CA is generated. | | tls.ca.certValidityDuration | int | `1095` | Generated certificates validity duration in days. This will be used for auto generated CA. | 
@@ -839,7 +881,13 @@ contributors across the globe, there is almost always someone available to help. | tls.caBundle.key | string | `"ca.crt"` | Entry of the ConfigMap containing the CA trust bundle. | | tls.caBundle.name | string | `"cilium-root-ca.crt"` | Name of the ConfigMap containing the CA trust bundle. | | tls.caBundle.useSecret | bool | `false` | Use a Secret instead of a ConfigMap. | -| tls.secretsBackend | string | `"local"` | This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies (namely the secrets referenced by terminatingTLS and originatingTLS). Possible values: - local - k8s | +| tls.readSecretsOnlyFromSecretsNamespace | string | `nil` | Configure if the Cilium Agent will only look in `tls.secretsNamespace` for CiliumNetworkPolicy relevant Secrets. If false, the Cilium Agent will be granted READ (GET/LIST/WATCH) access to _all_ secrets in the entire cluster. This is not recommended and is included for backwards compatibility. This value obsoletes `tls.secretsBackend`, with `true` == `local` in the old setting, and `false` == `k8s`. | +| tls.secretSync | object | `{"enabled":null}` | Configures settings for synchronization of TLS Interception Secrets | +| tls.secretSync.enabled | string | `nil` | Enable synchronization of Secrets for TLS Interception. If disabled and tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent. | +| tls.secretsBackend | string | `nil` | This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies (namely the secrets referenced by terminatingTLS and originatingTLS). This value is DEPRECATED and will be removed in a future version. Use `tls.readSecretsOnlyFromSecretsNamespace` instead. 
Possible values: - local - k8s | +| tls.secretsNamespace | object | `{"create":true,"name":"cilium-secrets"}` | Configures where secrets used in CiliumNetworkPolicies will be looked for | +| tls.secretsNamespace.create | bool | `true` | Create secrets namespace for TLS Interception secrets. | +| tls.secretsNamespace.name | string | `"cilium-secrets"` | Name of TLS Interception secret namespace. | | tolerations | list | `[{"operator":"Exists"}]` | Node tolerations for agent scheduling to nodes with taints ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | tunnelPort | int | Port 8472 for VXLAN, Port 6081 for Geneve | Configure VXLAN and Geneve tunnel port. | | tunnelProtocol | string | `"vxlan"` | Tunneling protocol to use in tunneling mode and for ad-hoc tunnels. Possible values: - "" - vxlan - geneve | diff --git a/packages/system/cilium/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json b/packages/system/cilium/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json index a2ba01d8..e6cf5c26 100644 --- a/packages/system/cilium/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json +++ b/packages/system/cilium/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json @@ -3,7 +3,10 @@ "list": [ { "builtIn": 1, - "datasource": "-- Grafana --", + "datasource": { + "type": "datasource", + "uid": "grafana" + }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", 
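Review bot: The new `tls.readSecretsOnlyFromSecretsNamespace` row gives a default of `nil` but explains only `true` and `false`, so the table does not say whether an unset value confines the agent to `tls.secretsNamespace` or leaves it able to read every Secret in the cluster. The same gap applies to `tls.secretSync.enabled` and to `tls.secretsBackend`, whose documented default changes here from `"local"` to `nil`. Because the `false` case is described as cluster-wide GET/LIST/WATCH on Secrets, I would not rely on the implicit default across this upgrade: pin `readSecretsOnlyFromSecretsNamespace: true` under `tls` in the package's own values override (that file is not part of this hunk). The row would also benefit from a sentence such as `When unset, the effective value is <chart's resolved default>.` After upgrading, the rendered RBAC manifests should confirm that the agent holds no cluster-wide rule on `secrets`.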
@@ -14,183 +17,272 @@ }, "description": "Dashboard for Cilium (https://cilium.io/) metrics", "editable": true, - "gnetId": null, + "fiscalYearStartMonth": 0, "graphTooltip": 1, - "iteration": 1606309591568, + "id": 1, "links": [], "panels": [ { - "aliasColors": { - "error": "#890f02", - "warning": "#c15c17" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#c15c17", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 0 }, - "hiddenSeries": false, "id": 76, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - 
"linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "error", - "yaxis": 2 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", "expr": "sum(rate(cilium_errors_warnings_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, level) * 60", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{level}}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Errors & Warnings", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "avg": "#cffaff" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": 
false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percent" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#cffaff", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "min" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + } + ] }, - "fill": 0, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 0 }, - "hiddenSeries": false, "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "max", - "fillBelowTo": "min", - "lines": false + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "min", - "lines": false + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": 
"prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(irate(cilium_process_cpu_seconds_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 100", "format": "time_series", "intervalFactor": 1, @@ -198,6 +290,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(irate(cilium_process_cpu_seconds_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 100", "format": "time_series", "intervalFactor": 1, @@ -205,6 +301,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(irate(cilium_process_cpu_seconds_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 100", "format": "time_series", "intervalFactor": 1, @@ -212,46 +312,8 @@ "refId": "C" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "CPU Usage per node", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { "collapsed": false, 
@@ -268,72 +330,181 @@ "type": "row" }, { - "aliasColors": { - "AVG_virtual_memory_bytes": "#508642", - "Average Virtual Memory": "#f9d9f9", - "MAX_virtual_memory_bytes": "#e5ac0e", - "Max Virtual Memory": "#584477" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "AVG_virtual_memory_bytes" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#508642", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Average Virtual Memory" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#f9d9f9", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "MAX_virtual_memory_bytes" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e5ac0e", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Max Virtual Memory" + }, + "properties": [ + { + "id": "color", + "value": { + 
"fixedColor": "#584477", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Max Virtual Memory" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "Min Virtual Memory" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Min Virtual Memory" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + } + ] }, - "fill": 0, - "fillGradient": 0, "gridPos": { "h": 5, "w": 8, "x": 0, "y": 6 }, - "hiddenSeries": false, "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Max Virtual Memory", - "fillBelowTo": "Min Virtual Memory", - "lines": false + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "Min Virtual Memory", - "lines": false + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_process_virtual_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "intervalFactor": 1, @@ -341,6 +512,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_process_virtual_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "intervalFactor": 1, 
@@ -348,6 +523,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_process_virtual_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "intervalFactor": 1, 
@@ -355,103 +534,112 @@ "refId": "C" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Virtual Memory Bytes", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "MAX_resident_memory_bytes_max": "#e5ac0e" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "MAX_resident_memory_bytes_max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e5ac0e", + "mode": "fixed" + } + } + ] + } + ] 
}, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 8, "x": 8, "y": 6 }, - "hiddenSeries": false, "id": 24, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_process_resident_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "interval": "", @@ -460,6 +648,10 @@ "refId": "C" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_process_resident_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "interval": "", @@ -468,6 +660,10 @@ "refId": "D" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_process_resident_memory_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "intervalFactor": 1, 
@@ -475,106 +671,112 @@ "refId": "E" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Resident memory status", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "all nodes": "#e5a8e2" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "all nodes" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e5a8e2", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, 
"gridPos": { "h": 5, "w": 8, "x": 16, "y": 6 }, - "hiddenSeries": false, "id": 98, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "all nodes", - "yaxis": 2 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(cilium_process_open_fds{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "intervalFactor": 1, @@ -582,6 +784,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_process_open_fds{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "intervalFactor": 1, @@ -589,6 +795,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_process_open_fds{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "intervalFactor": 1, @@ -596,6 +806,10 @@ "refId": "C" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_process_open_fds{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "intervalFactor": 1, 
@@ -603,54 +817,10 @@ "refId": "D" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Open file descriptors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "MAX_resident_memory_bytes_max": "#e5ac0e" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" 
@@ -658,49 +828,102 @@ "description": "BPF memory usage in the entire system including components not managed by Cilium.", "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "MAX_resident_memory_bytes_max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e5ac0e", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 11 }, - "hiddenSeries": false, "id": 178, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": 
false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_bpf_maps_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"} + cilium_bpf_progs_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "hide": false, @@ -710,6 +933,10 @@ "refId": "C" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_bpf_maps_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"} + cilium_bpf_progs_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "hide": false, @@ -719,6 +946,10 @@ "refId": "D" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_bpf_maps_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"} + cilium_bpf_progs_virtual_memory_max_bytes{k8s_app=\"cilium\", pod=~\"$pod\"})", "format": "time_series", "hide": false, @@ -729,54 +960,10 @@ "refId": "E" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "System-wide BPF memory usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:136", - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:137", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" 
@@ -784,93 +971,95 @@ "description": "Fill percentage of BPF maps, tagged by map name", "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "max": 1, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 11 }, - "hiddenSeries": false, "id": 194, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "cilium_bpf_map_pressure{k8s_app=\"cilium\", pod=~\"$pod\"}", "interval": "", "legendFormat": "", "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - 
"timeRegions": [], - "timeShift": null, "title": "BPF map pressure", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:230", - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1.0", - "min": null, - "show": true - }, - { - "$$hashKey": "object:231", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { "collapsed": false, 
@@ -887,61 +1076,135 @@ "type": "row" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 18 }, - "hiddenSeries": false, "id": 152, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": 
[], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_agent_api_process_time_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)", "format": "time_series", "intervalFactor": 1, 
@@ -949,103 +1212,139 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "API call latency (average node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + 
{ + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 18 }, - "hiddenSeries": false, "id": 153, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(cilium_agent_api_process_time_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)", "format": "time_series", "intervalFactor": 1, 
@@ -1053,103 +1352,139 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "API call latency (max node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + 
{ + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 24 }, - "hiddenSeries": false, "id": 156, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)", "format": "time_series", "intervalFactor": 1, 
@@ -1157,103 +1492,139 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "# API calls (average node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + 
{ + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 24 }, - "hiddenSeries": false, "id": 157, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)", "format": "time_series", "intervalFactor": 1, 
@@ -1261,103 +1632,139 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "# API calls (max node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + 
"matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 30 }, - "hiddenSeries": false, "id": 159, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path, return_code)", "format": "time_series", "intervalFactor": 1, 
@@ -1365,103 +1772,139 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "API return codes (average node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + 
}, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 30 }, - "hiddenSeries": false, "id": 158, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_agent_api_process_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path, return_code)", "format": "time_series", "intervalFactor": 1, 
@@ -1469,46 +1912,8 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "API return codes (sum all nodes)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { "collapsed": false, @@ -1525,14 +1930,7 @@ "type": "row" }, { - "content": "", "datasource": null, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, "gridPos": { "h": 1, "w": 24, 
@@ -1540,172 +1938,300 @@ "y": 37 }, "id": 144, - "links": [], - "mode": "markdown", + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "", + "mode": "markdown" + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": null, + "refId": "A" + } + ], "title": "BPF", "type": "text" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 8, "w": 
12, "x": 0, "y": 38 }, - "hiddenSeries": false, "id": 146, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", "expr": "avg(rate(cilium_bpf_syscall_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, operation)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{operation}}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "# system calls (average node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, - "decimals": 2, "fieldConfig": { "defaults": { - "custom": {} + 
"color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 38 }, - "hiddenSeries": false, "id": 145, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": 
"multi", + "sort": "desc" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(cilium_bpf_syscall_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, operation)", "format": "time_series", "intervalFactor": 1, 
@@ -1713,104 +2239,140 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "# system calls (max node)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } 
+ } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 46 }, - "hiddenSeries": false, "id": 140, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_bpf_syscall_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/ rate(cilium_bpf_syscall_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, operation)", "format": "time_series", "intervalFactor": 1, 
@@ -1818,101 +2380,99 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "system call latency (avg node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 46 }, - "hiddenSeries": false, "id": 148, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "max": true, - "min": false, - "rightSide": true, - "show": true, - 
"total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(cilium_bpf_syscall_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/ rate(cilium_bpf_syscall_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, operation)", "format": "time_series", "intervalFactor": 1, 
@@ -1920,103 +2480,117 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "system call latency (max node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } 
+ ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 8, "x": 0, "y": 52 }, - "hiddenSeries": false, "id": 142, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "topk(5, avg(rate(cilium_bpf_map_ops_total{k8s_app=\"cilium\", pod=~\"$pod\"}[5m])) by (pod, map_name, operation))", "format": "time_series", "intervalFactor": 1, 
@@ -2024,103 +2598,117 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "map ops (average node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, 
- "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 8, "x": 8, "y": 52 }, - "hiddenSeries": false, "id": 147, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "topk(5, max(rate(cilium_bpf_map_ops_total{k8s_app=\"cilium\", pod=~\"$pod\"}[5m])) by (pod, map_name, operation))", "format": "time_series", "intervalFactor": 1, 
@@ -2128,103 +2716,137 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "map ops (max node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + 
"matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 8, "x": 16, "y": 52 }, - "hiddenSeries": false, "id": 143, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_bpf_map_ops_total{k8s_app=\"cilium\",outcome=\"fail\", pod=~\"$pod\"}[5m])) by (pod, map_name, operation)", "format": "time_series", "intervalFactor": 1, 
@@ -2232,56 +2854,11 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "map ops (sum failures)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "content": "", "datasource": null, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, "gridPos": { "h": 1, "w": 24, 
@@ -2289,68 +2866,157 @@ "y": 58 }, "id": 182, - "links": [], - "mode": "markdown", + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "", + "mode": "markdown" + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": null, + "refId": "A" + } + ], "title": "kvstore", "type": "text" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, - "decimals": 2, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - 
"fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 59 }, - "hiddenSeries": false, "id": 184, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(kvstore_operations_total{pod=~\"$pod\"}[1m])) by (pod, scope, action)", "format": "time_series", "intervalFactor": 1, 
@@ -2358,105 +3024,141 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "# operations (sum all nodes)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, - "decimals": 2, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": 
true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 59 }, - "hiddenSeries": false, "id": 186, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(kvstore_operations_total{pod=~\"$pod\"}[1m])) by (pod, scope, action)", "format": "time_series", "intervalFactor": 1, 
@@ -2464,104 +3166,140 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "# operations (max node)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + 
} + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 64 }, - "hiddenSeries": false, "id": 188, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "topk(5, avg(rate(cilium_kvstore_operations_duration_seconds_sum{pod=~\"$pod\"}[1m])) by (pod, action, scope) / avg(rate(cilium_kvstore_operations_duration_seconds_count{pod=~\"$pod\"}[1m])) by (pod, action, scope))", "format": "time_series", "intervalFactor": 1, 
@@ -2569,103 +3307,140 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "latency (average node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + 
"matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 64 }, - "hiddenSeries": false, "id": 190, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "topk(5, max(rate(cilium_kvstore_operations_duration_seconds_sum{pod=~\"$pod\"}[1m])) by (pod, action, scope) / avg(rate(cilium_kvstore_operations_duration_seconds_count{pod=~\"$pod\"}[1m])) by (pod, action, scope))", "format": "time_series", "intervalFactor": 1, 
@@ -2673,101 +3448,137 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "latency (max node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + 
"matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 69 }, - "hiddenSeries": false, "id": 192, - "legend": { - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_kvstore_events_queue_seconds_count{pod=~\"$pod\"}[1m])) by (pod, scope, action)", "format": "time_series", "intervalFactor": 1, 
@@ -2775,56 +3586,11 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Events received (average node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "content": "", "datasource": null, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, "gridPos": { "h": 1, "w": 24, 
@@ -2832,63 +3598,112 @@ "y": 75 }, "id": 47, - "links": [], - "mode": "markdown", + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "", + "mode": "markdown" + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": null, + "refId": "A" + } + ], "title": "Cilium network information", "type": "text" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 76 }, - "hiddenSeries": false, "id": 81, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_forward_count_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, direction)", "format": "time_series", "intervalFactor": 1, 
@@ -2896,104 +3711,96 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Forwarded Packets", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bps" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 76 }, - "hiddenSeries": false, "id": 111, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": 
true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "EGRESS", - "yaxis": 1 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_forward_bytes_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, direction) * 8", "format": "time_series", "intervalFactor": 1, 
@@ -3001,139 +3808,380 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Forwarded Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "Alive ipv4": "#0a50a1", - "Alive ipv4 non-TCP": "#f9d9f9", - "Alive ipv6": "#614d93", - "Alive ipv6 TCP": "#806eb7", - "Alive ipv6 non-TCP": "#614d93", - "Alive CT entries ipv6": "#badff4", - "Deleted CT entries ipv4": "#bf1b00", - "Deleted ipv4": "#890f02", - "Deleted ipv4 non-TCP": "#890f02", - "Deleted ipv6": "#bf1b00", - "L7 denied request": "#890f02", - "L7 forwarded request": "#7eb26d", - "avg": "#e0f9d7", - "deleted": "#6ed0e0", - "deleted max": "#447ebc", - "max": "#629e51", - "min": "#629e51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + 
"mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Alive ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0a50a1", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv4 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#f9d9f9", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6 TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#806eb7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive CT entries ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#badff4", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted CT entries ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted ipv4 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + 
"options": "Deleted ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "L7 denied request" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "L7 forwarded request" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#7eb26d", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e0f9d7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "deleted" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#6ed0e0", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "deleted max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#447ebc", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#629e51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#629e51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "min" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 82 }, - "hiddenSeries": false, "id": 56, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": 
false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "deleted", - "yaxis": 2 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "max", - "fillBelowTo": "min", - "lines": false - }, - { - "alias": "min", - "lines": false - }, - { - "alias": "deleted max", - "yaxis": 2 - }, - { - "alias": "deleted min", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "interval": "", @@ -3142,6 +4190,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, @@ -3149,6 +4201,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, 
@@ -3156,6 +4212,10 @@ "refId": "C" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv4\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, @@ -3163,6 +4223,10 @@ "refId": "D" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv4\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, 
@@ -3170,139 +4234,380 @@ "refId": "E" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "IPv4 Conntrack TCP", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "Alive ipv4": "#0a50a1", - "Alive ipv4 non-TCP": "#f9d9f9", - "Alive ipv6": "#614d93", - "Alive ipv6 TCP": "#806eb7", - "Alive ipv6 non-TCP": "#614d93", - "Alive CT entries ipv6": "#badff4", - "Deleted CT entries ipv4": "#bf1b00", - "Deleted ipv4": "#890f02", - "Deleted ipv4 non-TCP": "#890f02", - "Deleted ipv6": "#bf1b00", - "L7 denied request": "#890f02", - "L7 forwarded request": "#7eb26d", - "avg": "#e0f9d7", - "deleted": "#6ed0e0", - "deleted max": "#447ebc", - "max": "#629e51", - "min": "#629e51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { 
+ "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Alive ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0a50a1", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv4 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#f9d9f9", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6 TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#806eb7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive CT entries ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#badff4", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted CT entries ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted ipv4 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + 
"options": "Deleted ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "L7 denied request" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "L7 forwarded request" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#7eb26d", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e0f9d7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "deleted" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#6ed0e0", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "deleted max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#447ebc", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#629e51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#629e51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "min" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 82 }, - "hiddenSeries": false, "id": 128, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": 
false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "deleted", - "yaxis": 2 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "max", - "fillBelowTo": "min", - "lines": false - }, - { - "alias": "min", - "lines": false - }, - { - "alias": "deleted max", - "yaxis": 2 - }, - { - "alias": "deleted min", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "interval": "", @@ -3311,6 +4616,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, @@ -3318,6 +4627,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, 
@@ -3325,6 +4638,10 @@ "refId": "C" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv6\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, @@ -3332,6 +4649,10 @@ "refId": "D" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv6\", protocol=\"TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, 
@@ -3339,139 +4660,380 @@ "refId": "E" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "IPv6 Conntrack TCP", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "Alive ipv4": "#0a50a1", - "Alive ipv4 non-TCP": "#f9d9f9", - "Alive ipv6": "#614d93", - "Alive ipv6 TCP": "#806eb7", - "Alive ipv6 non-TCP": "#614d93", - "Alive CT entries ipv6": "#badff4", - "Deleted CT entries ipv4": "#bf1b00", - "Deleted ipv4": "#890f02", - "Deleted ipv4 non-TCP": "#890f02", - "Deleted ipv6": "#bf1b00", - "L7 denied request": "#890f02", - "L7 forwarded request": "#7eb26d", - "avg": "#e0f9d7", - "deleted": "#6ed0e0", - "deleted max": "#447ebc", - "max": "#629e51", - "min": "#629e51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { 
+ "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Alive ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0a50a1", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv4 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#f9d9f9", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6 TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#806eb7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive CT entries ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#badff4", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted CT entries ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted ipv4 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + 
"options": "Deleted ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "L7 denied request" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "L7 forwarded request" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#7eb26d", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e0f9d7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "deleted" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#6ed0e0", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "deleted max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#447ebc", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#629e51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#629e51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "min" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 88 }, - "hiddenSeries": false, "id": 129, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": 
false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "deleted", - "yaxis": 2 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "max", - "fillBelowTo": "min", - "lines": false - }, - { - "alias": "min", - "lines": false - }, - { - "alias": "deleted max", - "yaxis": 2 - }, - { - "alias": "deleted min", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "interval": "", @@ -3480,6 +5042,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, @@ -3487,6 +5053,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv4\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, 
@@ -3494,6 +5064,10 @@ "refId": "C" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv4\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, @@ -3501,6 +5075,10 @@ "refId": "D" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv4\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, 
@@ -3508,139 +5086,380 @@ "refId": "E" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "IPv4 Conntrack Non-TCP", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "Alive ipv4": "#0a50a1", - "Alive ipv4 non-TCP": "#f9d9f9", - "Alive ipv6": "#614d93", - "Alive ipv6 TCP": "#806eb7", - "Alive ipv6 non-TCP": "#614d93", - "Alive CT entries ipv6": "#badff4", - "Deleted CT entries ipv4": "#bf1b00", - "Deleted ipv4": "#890f02", - "Deleted ipv4 non-TCP": "#890f02", - "Deleted ipv6": "#bf1b00", - "L7 denied request": "#890f02", - "L7 forwarded request": "#7eb26d", - "avg": "#e0f9d7", - "deleted": "#6ed0e0", - "deleted max": "#447ebc", - "max": "#629e51", - "min": "#629e51" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + 
"thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Alive ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0a50a1", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv4 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#f9d9f9", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6 TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#806eb7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive ipv6 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alive CT entries ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#badff4", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted CT entries ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Deleted ipv4 non-TCP" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + 
"id": "byName", + "options": "Deleted ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "L7 denied request" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "L7 forwarded request" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#7eb26d", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e0f9d7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "deleted" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#6ed0e0", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "deleted max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#447ebc", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#629e51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#629e51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "min" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 88 }, - "hiddenSeries": false, "id": 130, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": 
false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "deleted", - "yaxis": 2 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "max", - "fillBelowTo": "min", - "lines": false - }, - { - "alias": "min", - "lines": false - }, - { - "alias": "deleted max", - "yaxis": 2 - }, - { - "alias": "deleted min", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "interval": "", @@ -3649,6 +5468,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, @@ -3656,6 +5479,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"alive\", family=\"ipv6\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, 
@@ -3663,6 +5490,10 @@ "refId": "C" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv6\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, @@ -3670,6 +5501,10 @@ "refId": "D" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_datapath_conntrack_gc_entries{k8s_app=\"cilium\", status=\"deleted\", family=\"ipv6\", protocol=\"non-TCP\", pod=~\"$pod\"}) by (family,status)", "format": "time_series", "intervalFactor": 1, 
@@ -3677,109 +5512,132 @@ "refId": "E" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "IPv6 Conntrack Non-TCP", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "ipv4": "#5195ce", - "ipv6": "#6d1f62" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, - "decimals": null, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5195ce", + "mode": "fixed" + } + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#6d1f62", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 0, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 94 }, - "hiddenSeries": false, "id": 87, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "" + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(cilium_ip_addresses{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod, family)\n", "format": "time_series", "intervalFactor": 1, 
@@ -3787,102 +5645,127 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Allocated Addresses", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "dump_interrupts conntrack ipv4": "#ea6460", - "dump_interrupts conntrack ipv6": "#58140c" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "dump_interrupts conntrack ipv4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": 
"#ea6460", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "dump_interrupts conntrack ipv6" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#58140c", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 94 }, - "hiddenSeries": false, "id": 79, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(cilium_datapath_conntrack_dump_resets_total{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod, area, family, name)", "format": "time_series", "intervalFactor": 1, 
@@ -3890,99 +5773,96 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Datapath Conntrack Dump Resets", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 99 }, - "hiddenSeries": false, "id": 106, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - 
"lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_services_events_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, action)", "format": "time_series", "intervalFactor": 1, 
@@ -3990,108 +5870,96 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Service Updates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 99 }, - "hiddenSeries": false, "id": 89, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, 
- "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "avg(cilium_unreachable_health_endpoints) by (pod)", - "yaxis": 2 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "average unreachable health endpoints", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(cilium_unreachable_nodes{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, @@ -4099,6 +5967,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(cilium_unreachable_health_endpoints{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, 
@@ -4106,99 +5978,96 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Connectivity Health", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 104 }, - "hiddenSeries": false, "id": 39, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": 
true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_drop_count_total{direction=\"EGRESS\", k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (reason)", "format": "time_series", "intervalFactor": 1, 
@@ -4206,128 +6075,203 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Dropped Egress Packets", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "Avg": "#cca300", - "Max": "rgb(167, 150, 111)" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#cca300", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + 
"id": "byName", + "options": "Max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "rgb(167, 150, 111)", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "Min" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Min" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "add k8s" + }, + "properties": [ + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "delete k8s" + }, + "properties": [ + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "update k8s" + }, + "properties": [ + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "add local-node" + }, + "properties": [ + { + "id": "unit", + "value": "short" + } + ] + } + ] }, - "fill": 0, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 104 }, - "hiddenSeries": false, "id": 93, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Max", - "fillBelowTo": "Min", - "lines": false + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "Min", - "lines": false - }, - { - "alias": "add k8s", - "yaxis": 2 - }, - { - "alias": "delete k8s", - "yaxis": 2 - }, - { - "alias": "update k8s", - "yaxis": 2 - }, - { - "alias": "add local-node", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } 
- ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_nodes_all_events_received_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, event_type, source) * 60", "format": "time_series", "intervalFactor": 1, 
@@ -4335,99 +6279,96 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Node Events", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bps" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 109 }, - "hiddenSeries": false, "id": 113, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - 
"linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_drop_bytes_total{direction=\"EGRESS\", k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (reason) * 8", "format": "time_series", "intervalFactor": 1, 
@@ -4435,114 +6376,155 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Dropped Egress Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "Average Nodes": "#eab839", - "Max Nodes": "#c15c17" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Average Nodes" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#eab839", + "mode": "fixed" + } + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "Max Nodes" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#c15c17", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Max Nodes" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "Min Nodes" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Min Nodes" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + } + ] }, - "fill": 0, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 109 }, - "hiddenSeries": false, "id": 91, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Max Nodes", - "fillBelowTo": "Min Nodes", - "lines": false + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "Min Nodes", - "lines": false + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_nodes_all_num{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, @@ -4550,6 +6532,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_nodes_all_num{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, 
@@ -4557,6 +6543,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_nodes_all_num{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, @@ -4564,56 +6554,11 @@ "refId": "C" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Nodes", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "content": "", "datasource": null, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, "gridPos": { "h": 1, "w": 24, 
@@ -4621,76 +6566,158 @@ "y": 114 }, "id": 28, - "links": [], - "mode": "markdown", + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "", + "mode": "markdown" + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": null, + "refId": "A" + } + ], "title": "Policy", "type": "text" }, { - "aliasColors": { - "L7 denied request": "#ea6460", - "L7 forwarded request": "#7eb26d", - "denied": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "L7 denied request" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#ea6460", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "L7 forwarded request" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#7eb26d", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "denied" + }, + "properties": 
[ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 115 }, - "hiddenSeries": false, "id": 53, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "L7 denied request", - "yaxis": 2 + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "denied", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"denied\"}[1m]))", "format": "time_series", "intervalFactor": 1, @@ -4698,6 +6725,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"forwarded\"}[1m]))", "format": "time_series", "intervalFactor": 1, @@ -4705,6 +6736,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"received\"}[1m]))", "format": "time_series", "intervalFactor": 1, 
@@ -4712,99 +6747,96 @@ "refId": "C" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "L7 forwarded request", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 115 }, - "hiddenSeries": false, "id": 37, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": 
true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_drop_count_total{direction=\"INGRESS\", k8s_app=\"cilium\", pod=~\"$pod\"}[5m])) by (reason)", "format": "time_series", "intervalFactor": 1, 
@@ -4812,123 +6844,207 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Cilium drops Ingress", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "Max per node processingTime": "#e24d42", - "Max per node upstreamTime": "#58140c", - "avg(cilium_policy_l7_total{pod=~\"cilium.*\", rule=\"parse_errors\"})": "#bf1b00", - "parse errors": "#bf1b00" - }, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": 
"Max per node processingTime" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e24d42", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Max per node upstreamTime" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#58140c", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "avg(cilium_policy_l7_total{pod=~\"cilium.*\", rule=\"parse_errors\"})" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "parse errors" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Max per node processingTime" + }, + "properties": [ + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Max per node upstreamTime" + }, + "properties": [ + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "avg(cilium_policy_l7_total{pod=~\"cilium.*\", rule=\"parse_errors\"})" + }, + "properties": [ + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "parse errors" + }, + "properties": [ + { + "id": "unit", + "value": "short" + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 120 }, - "hiddenSeries": false, "id": 94, - "legend": { - "alignAsTable": false, - "avg": true, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Max per node 
processingTime", - "yaxis": 2 + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "Max per node upstreamTime", - "yaxis": 2 - }, - { - "alias": "avg(cilium_policy_l7_total{pod=~\"cilium.*\", rule=\"parse_errors\"})", - "yaxis": 2 - }, - { - "alias": "parse errors", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_proxy_upstream_reply_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope) / sum(rate(cilium_proxy_upstream_reply_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)", "format": "time_series", "interval": "", @@ -4937,6 +7053,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"parse_errors\"}) by (pod)", "format": "time_series", "intervalFactor": 1, 
@@ -4944,99 +7064,96 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Proxy response time (Avg)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bps" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 120 }, - "hiddenSeries": false, "id": 114, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - 
"lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_drop_bytes_total{direction=\"INGRESS\", k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (reason) * 8", "format": "time_series", "intervalFactor": 1, 
@@ -5044,125 +7161,209 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Dropped Ingress Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "avg": "#64b0c8", - "count": "#9ac48a", - "max": "#5195ce", - "min": "#6ed0e0" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#64b0c8", + "mode": "fixed" + } + } + ] 
+ }, + { + "matcher": { + "id": "byName", + "options": "count" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#9ac48a", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5195ce", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#6ed0e0", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "min" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "avg count" + }, + "properties": [ + { + "id": "unit", + "value": "opm" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max count" + }, + "properties": [ + { + "id": "unit", + "value": "opm" + } + ] + } + ] }, - "fill": 0, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 125 }, - "hiddenSeries": false, "id": 104, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "max", - "fillBelowTo": "min", - "lines": false + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "min", - "lines": false - }, - { - "alias": "avg count", - "yaxis": 2 - }, - { - "alias": "max count", - "yaxis": 2 - }, - { - "alias": "avg count" + "tooltip": { + "mode": "multi", 
+ "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(rate(cilium_triggers_policy_update_call_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope) / sum(rate(cilium_triggers_policy_update_call_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)", "format": "time_series", "intervalFactor": 1, @@ -5170,6 +7371,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_triggers_policy_update_call_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope) / sum(rate(cilium_triggers_policy_update_call_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)", "format": "time_series", "intervalFactor": 1, @@ -5177,6 +7382,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(cilium_triggers_policy_update_call_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope) / sum(rate(cilium_triggers_policy_update_call_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)", "format": "time_series", "intervalFactor": 1, 
@@ -5184,110 +7393,156 @@ "refId": "C" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Policy Trigger Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "Max per node processingTime": "#e24d42", - "Max per node upstreamTime": "#58140c", - "parse errors": "#bf1b00" - }, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Max per node processingTime" + }, + "properties": [ + { + "id": "color", + "value": { + 
"fixedColor": "#e24d42", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Max per node upstreamTime" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#58140c", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "parse errors" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "parse errors" + }, + "properties": [ + { + "id": "unit", + "value": "short" + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 125 }, - "hiddenSeries": false, "id": 66, - "legend": { - "alignAsTable": false, - "avg": true, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "parse errors", - "yaxis": 2 + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(cilium_proxy_upstream_reply_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope) / sum(rate(cilium_proxy_upstream_reply_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)", "format": "time_series", "intervalFactor": 1, 
@@ -5295,6 +7550,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(cilium_policy_l7_total{k8s_app=\"cilium\", pod=~\"$pod\", rule=\"parse_errors\"}[1m])) by (pod)", "format": "time_series", "intervalFactor": 1, 
@@ -5302,107 +7561,159 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Proxy response time (Max)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "both": "#7eb26d", - "egress": "#e5ac0e", - "ingress": "#e0752d", - "none": "#bf1b00" - }, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "both" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#7eb26d", + "mode": "fixed" 
+ } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "egress" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e5ac0e", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ingress" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e0752d", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "none" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 6, "x": 0, "y": 130 }, - "hiddenSeries": false, "id": 33, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(cilium_policy_endpoint_enforcement_status{k8s_app=\"cilium\", pod=~\"$pod\"}) by (enforcement)", "format": "time_series", "hide": false, 
@@ -5413,115 +7724,170 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Endpoints policy enforcement status", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": true, - "values": [ - "total" - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "avg": "#b7dbab", - "max": "rgba(89, 132, 76, 0.54)", - "min": "#2f575e" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#b7dbab", + 
"mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "rgba(89, 132, 76, 0.54)", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#2f575e", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "min" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 6, "x": 6, "y": 130 }, - "hiddenSeries": false, "id": 100, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "max", - "fillBelowTo": "min", - "lines": false + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "min", - "lines": false + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_proxy_redirects{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, 
@@ -5529,6 +7895,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_proxy_redirects{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, @@ -5536,6 +7906,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_proxy_redirects{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, 
@@ -5543,120 +7917,227 @@ "refId": "C" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Proxy Redirects", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "average duration": "#d683ce", - "folds": "#614d93", - "max duration": "#614d93", - "max trigger": "#967302", - "min duration": "#584477", - "min trigger": "#fceaca" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "average duration" + }, + 
"properties": [ + { + "id": "color", + "value": { + "fixedColor": "#d683ce", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "folds" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max duration" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max trigger" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#967302", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min duration" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#584477", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min trigger" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#fceaca", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "min trigger" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min trigger" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "folds" + }, + "properties": [ + { + "id": "unit", + "value": "short" + } + ] + } + ] }, - "fill": 2, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 130 }, - "hiddenSeries": false, "id": 102, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - 
"seriesOverrides": [ - { - "alias": "max", - "fillBelowTo": "min trigger", - "lines": false + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "min trigger", - "lines": false - }, - { - "alias": "folds", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(rate(cilium_triggers_policy_update_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 60", "format": "time_series", "intervalFactor": 1, @@ -5664,6 +8145,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_triggers_policy_update_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 60", "format": "time_series", "intervalFactor": 1, @@ -5671,6 +8156,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(cilium_triggers_policy_update_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 60", "format": "time_series", "intervalFactor": 1, @@ -5678,6 +8167,10 @@ "refId": "C" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(cilium_triggers_policy_update_folds{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod) * 60", "format": "time_series", "intervalFactor": 1, 
@@ -5685,123 +8178,172 @@ "refId": "D" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Policy Trigger Runs", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "max": "#f2c96d", - "policy errors": "#bf1b00", - "policy change errors": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#f2c96d", + "mode": "fixed" + } + 
} + ] + }, + { + "matcher": { + "id": "byName", + "options": "policy change errors" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "policy errors" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "min" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + } + ] }, - "fill": 0, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 135 }, - "hiddenSeries": false, "id": 85, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "policy errors", - "yaxis": 2 + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "max", - "fillBelowTo": "min", - "lines": false - }, - { - "alias": "min", - "lines": false - }, - { - "alias": "policy change errors", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_policy{k8s_app=\"cilium\", pod=~\"$pod\"}) by(pod)", "format": "time_series", "intervalFactor": 1, 
@@ -5809,6 +8351,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_policy{k8s_app=\"cilium\", pod=~\"$pod\"}) by(pod)", "format": "time_series", "intervalFactor": 1, @@ -5816,6 +8362,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_policy{k8s_app=\"cilium\", pod=~\"$pod\"}) by(pod)", "format": "time_series", "intervalFactor": 1, @@ -5823,6 +8373,10 @@ "refId": "C" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(cilium_policy_change_total{k8s_app=\"cilium\", pod=~\"$pod\", outcome=\"fail\"}) by (pod)", "format": "time_series", "intervalFactor": 1, 
@@ -5830,110 +8384,160 @@ "refId": "D" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Policies Per Node", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "Max per node processingTime": "#e24d42", - "Max per node upstreamTime": "#58140c", - "parse errors": "#bf1b00" - }, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Max per node processingTime" + }, + "properties": [ + { + "id": "color", + "value": { 
+ "fixedColor": "#e24d42", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Max per node upstreamTime" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#58140c", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "parse errors" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "parse errors" + }, + "properties": [ + { + "id": "unit", + "value": "s" + }, + { + "id": "custom.axisPlacement", + "value": "hidden" + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 135 }, - "hiddenSeries": false, "id": 123, - "legend": { - "alignAsTable": false, - "avg": true, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "parse errors", - "yaxis": 2 + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_proxy_upstream_reply_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, scope)", "format": "time_series", "intervalFactor": 1, 
@@ -5941,113 +8545,170 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "DNS proxy requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "avg": "#f9d9f9", - "max": "#806eb7", - "min": "#806eb7" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 35, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#f9d9f9", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + 
"id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#806eb7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#806eb7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "max" + }, + "properties": [ + { + "id": "custom.fillBelowTo", + "value": "min" + }, + { + "id": "custom.lineWidth", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "min" + }, + "properties": [ + { + "id": "custom.lineWidth", + "value": 0 + } + ] + } + ] }, - "fill": 0, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 140 }, - "hiddenSeries": false, "id": 117, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "max", - "fillBelowTo": "min", - "lines": false + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "min", - "lines": false + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "min(cilium_policy_max_revision{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, @@ -6055,6 +8716,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(cilium_policy_max_revision{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, 
@@ -6062,6 +8727,10 @@ "refId": "B" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(cilium_policy_max_revision{k8s_app=\"cilium\", pod=~\"$pod\"}) by (pod)", "format": "time_series", "intervalFactor": 1, @@ -6069,56 +8738,11 @@ "refId": "C" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Policy Revision", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "content": "", "datasource": null, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, "gridPos": { "h": 1, "w": 24, 
@@ -6126,66 +8750,114 @@ "y": 145 }, "id": 73, - "links": [], - "mode": "markdown", + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "", + "mode": "markdown" + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": null, + "refId": "A" + } + ], "title": "Endpoints", "type": "text" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, - "decimals": null, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 146 }, - "hiddenSeries": false, "id": 55, - "legend": { - "alignAsTable": false, - "avg": true, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + 
"mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(histogram_quantile(0.90, rate(cilium_endpoint_regeneration_time_stats_seconds_bucket{k8s_app=\"cilium\", scope!=\"total\", pod=~\"$pod\"}[5m]))) by (scope)", "format": "time_series", "intervalFactor": 1, 
@@ -6193,102 +8865,98 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Endpoint regeneration time (90th percentile)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, - "decimals": null, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 146 }, - "hiddenSeries": false, "id": 115, - "legend": { - "alignAsTable": false, - "avg": true, - "current": false, - "max": false, - "min": false, - 
"rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(histogram_quantile(0.99, rate(cilium_endpoint_regeneration_time_stats_seconds_bucket{k8s_app=\"cilium\", scope!=\"total\", pod=~\"$pod\"}[5m]))) by (scope)", "format": "time_series", "intervalFactor": 1, 
@@ -6296,112 +8964,160 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Endpoint regeneration time (99th percentile)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "fail": "#bf1b00", - "fail/min": "#890f02", - "success": "#447ebc", - "success/min": "#3f6833" - }, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "fail" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": 
"#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fail/min" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "success" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#447ebc", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "success/min" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#3f6833", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 3, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 155 }, - "hiddenSeries": false, "id": 49, - "legend": { - "avg": true, - "current": false, - "max": true, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 2, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "fail", - "yaxis": 2 + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "success" + "tooltip": { + "mode": "single", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_endpoint_regenerations_total{k8s_app=\"cilium\", pod=~\"$pod\"}[30s])) by(outcome)", "format": "time_series", "instant": false, 
@@ -6410,104 +9126,144 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Endpoint regenerations", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "disconnecting": "#614d93", - "ready": "rgba(81, 220, 95, 0.52)", - "waiting-to-regenerate": "#0a50a1" - }, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "disconnecting" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": 
"#614d93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ready" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "rgba(81, 220, 95, 0.52)", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "waiting-to-regenerate" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0a50a1", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 155 }, - "hiddenSeries": false, "id": 51, - "legend": { - "alignAsTable": false, - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(cilium_endpoint_state{k8s_app=\"cilium\", pod=~\"$pod\"}) by (endpoint_state)", "format": "time_series", "intervalFactor": 1, 
@@ -6515,56 +9271,11 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Cilium endpoint state", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "content": "", "datasource": null, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, "gridPos": { "h": 1, "w": 24, 
@@ -6572,77 +9283,161 @@ "y": 160 }, "id": 74, - "links": [], - "mode": "markdown", + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "", + "mode": "markdown" + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": null, + "refId": "A" + } + ], "title": "Controllers", "type": "text" }, { - "aliasColors": { - "Failed": "#bf1b00", - "Failing": "#890f02", - "Runs": "#5195ce" - }, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#bf1b00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Failing" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Runs" + }, + "properties": [ + { + "id": "color", + "value": { + 
"fixedColor": "#5195ce", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 3, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 0, "y": 161 }, - "hiddenSeries": false, "id": 70, - "legend": { - "alignAsTable": false, - "avg": true, - "current": false, - "max": true, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "Failing", - "yaxis": 1 + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "Failed", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_controllers_runs_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod)", "format": "time_series", "intervalFactor": 1, @@ -6650,6 +9445,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(cilium_controllers_failing{k8s_app=\"cilium\", pod=~\"$pod\"}) by(pod)", "format": "time_series", "intervalFactor": 1, 
@@ -6657,120 +9456,192 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Controllers", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "duration failure": "#890f02", - "duration success": "#508642", - "failure": "#890f02", - "runs failure": "#890f02", - "runs success": "#7eb26d", - "success": "#508642" - }, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "duration failure" + }, + "properties": [ + 
{ + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "duration success" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#508642", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failure" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "runs failure" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890f02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "runs success" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#7eb26d", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "success" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#508642", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 5, "w": 12, "x": 12, "y": 161 }, - "hiddenSeries": false, "id": 68, - "legend": { - "alignAsTable": false, - "avg": true, - "current": false, - "hideEmpty": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatDirection": "h", - "seriesOverrides": [ - { - "alias": "success", - "yaxis": 1 + "legend": { + "calcs": [ + "mean", + "max", + "min" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - { - "alias": "failure", - "yaxis": 2 + "tooltip": { + "mode": "multi", + "sort": "none" } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + }, + "pluginVersion": "10.4.3", + 
"repeatDirection": "h", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_controllers_runs_duration_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, status) / sum(rate(cilium_controllers_runs_duration_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, status)", "format": "time_series", "intervalFactor": 1, @@ -6778,56 +9649,11 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Controller Durations", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "content": "", "datasource": null, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, "gridPos": { "h": 1, "w": 24, 
@@ -6835,67 +9661,153 @@ "y": 166 }, "id": 60, - "links": [], - "mode": "markdown", + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "", + "mode": "markdown" + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "datasource": null, + "refId": "A" + } + ], "title": "Kubernetes integration", "type": "text" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": 
{ "h": 7, "w": 12, "x": 0, "y": 167 }, - "hiddenSeries": false, "id": 163, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_k8s_client_api_latency_time_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/rate(cilium_k8s_client_api_latency_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)", "format": "time_series", "intervalFactor": 1, 
@@ -6903,103 +9815,137 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "apiserver latency (average node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, 
+ { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 167 }, - "hiddenSeries": false, "id": 165, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "max(rate(cilium_k8s_client_api_latency_time_seconds_sum{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])/rate(cilium_k8s_client_api_latency_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)", "format": "time_series", "intervalFactor": 1, 
@@ -7007,103 +9953,140 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "apiserver latency (max node)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, 
+ { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 174 }, - "hiddenSeries": false, "id": 168, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_k8s_client_api_latency_time_seconds_count{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, path)", "format": "time_series", "intervalFactor": 1, 
@@ -7111,103 +10094,139 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "apiserver #calls (sum all nodes)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + 
] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 174 }, - "hiddenSeries": false, "id": 166, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_k8s_client_api_calls_total{k8s_app=\"cilium\", pod=~\"$pod\"}[1m])) by (pod, method, return_code)", "format": "time_series", "intervalFactor": 1, 
@@ -7215,102 +10234,139 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "apiserver calls (sum all nodes)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + 
] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 182 }, - "hiddenSeries": false, "id": 172, - "legend": { - "alignAsTable": false, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_kubernetes_events_received_total{k8s_app=\"cilium\", equal=\"true\", valid=\"true\", pod=~\"$pod\"}[5m])) by (pod, scope, action)", "format": "time_series", "intervalFactor": 1, 
@@ -7318,101 +10374,139 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Valid, Unnecessary K8s Events Received", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + 
} + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 12, "y": 182 }, - "hiddenSeries": false, "id": 174, - "legend": { - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_kubernetes_events_received_total{k8s_app=\"cilium\", equal=\"true\", valid=\"false\", pod=~\"$pod\"}[5m])) by (pod, scope, action)", "format": "time_series", "intervalFactor": 1, 
@@ -7420,101 +10514,139 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Invalid, Unnecessary K8s Events Received", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false 
+ } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 188 }, - "hiddenSeries": false, "id": 175, - "legend": { - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_kubernetes_events_received_total{k8s_app=\"cilium\", equal=\"false\", valid=\"true\", pod=~\"$pod\"}[5m])) by (pod, scope, action, valid)", "format": "time_series", "intervalFactor": 1, 
@@ -7522,101 +10654,139 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Valid, Necessary K8s Events Received", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + 
} + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 188 }, - "hiddenSeries": false, "id": 173, - "legend": { - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [ + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "sum(rate(cilium_kubernetes_events_received_total{k8s_app=\"cilium\", equal=\"false\", valid=\"false\", pod=~\"$pod\"}[5m])) by (pod, scope, action)", "format": "time_series", "intervalFactor": 1, 
@@ -7624,101 +10794,96 @@ "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Invalid, Necessary K8s Events Received", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 196 }, - "hiddenSeries": false, "id": 108, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - 
"show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"CiliumNetworkPolicy\", pod=~\"$pod\"}[1m])) by (pod, action) * 60", "format": "time_series", "intervalFactor": 1, 
@@ -7726,105 +10891,142 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "CiliumNetworkPolicy Events", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "create avg": "#70dbed", - "delete avg": "#e24d42", - "update avg": "#e0f9d7" - }, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "create avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#70dbed", + "mode": 
"fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "delete avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e24d42", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "update avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e0f9d7", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 196 }, - "hiddenSeries": false, "id": 119, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"NetworkPolicy\", pod=~\"$pod\"}[1m])) by (pod, action) * 60", "format": "time_series", "intervalFactor": 1, 
@@ -7832,105 +11034,142 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "NetworkPolicy Events", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "create avg": "#70dbed", - "delete avg": "#e24d42", - "update avg": "#e0f9d7" - }, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "create avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#70dbed", + "mode": "fixed" + 
} + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "delete avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e24d42", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "update avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e0f9d7", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 203 }, - "hiddenSeries": false, "id": 109, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"Pod\", pod=~\"$pod\"}[1m])) by (pod, action) * 60", "format": "time_series", "intervalFactor": 1, 
@@ -7938,105 +11177,142 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Pod Events", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "create avg": "#70dbed", - "delete avg": "#e24d42", - "update avg": "#e0f9d7" - }, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "create avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#70dbed", + "mode": "fixed" + } + } + ] 
+ }, + { + "matcher": { + "id": "byName", + "options": "delete avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e24d42", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "update avg" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#e0f9d7", + "mode": "fixed" + } + } + ] + } + ] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 203 }, - "hiddenSeries": false, "id": 122, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"Node\", pod=~\"$pod\"}[1m])) by (pod, action) * 60", "format": "time_series", "intervalFactor": 1, 
@@ -8044,101 +11320,96 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Node Events", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 210 }, - "hiddenSeries": false, "id": 118, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": 
false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"Service\", pod=~\"$pod\"}[1m])) by (pod, action) * 60", "format": "time_series", "intervalFactor": 1, 
@@ -8146,101 +11417,96 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Service Events", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 210 }, - "hiddenSeries": false, "id": 120, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - 
"total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"Endpoint\", pod=~\"$pod\"}[1m])) by (pod, action) * 60", "format": "time_series", "intervalFactor": 1, 
@@ -8248,101 +11514,96 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Endpoints Events", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": true, - "dashLength": 10, - "dashes": false, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "opm" }, "overrides": [] }, - "fill": 1, - "fillGradient": 0, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 217 }, - "hiddenSeries": false, "id": 121, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - 
"total": false, - "values": false - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "10.4.3", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "expr": "avg(rate(cilium_kubernetes_events_total{k8s_app=\"cilium\", scope=\"Namespace\", pod=~\"$pod\"}[1m])) by (pod, action) * 60", "format": "time_series", "intervalFactor": 1, @@ -8350,51 +11611,12 @@ "refId": "B" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, "title": "Namespace Events", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "opm", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" } ], "refresh": false, - "schemaVersion": 25, - "style": "dark", + "schemaVersion": 39, "tags": [], "templating": { "list": [ @@ -8427,7 +11649,6 @@ "definition": "label_values(cilium_version, pod)", "hide": 0, "includeAll": true, - "label": null, "multi": false, "name": "pod", "options": [], @@ -8437,7 +11658,6 @@ "skipUrlSync": false, "sort": 1, "tagValuesQuery": "", - "tags": [], "tagsQuery": "", "type": "query", "useTags": false 
@@ -8475,5 +11695,6 @@ "timezone": "utc", "title": "Cilium Metrics", "uid": "vtuWtdumz", - "version": 1 + "version": 1, + "weekStart": "" } diff --git a/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml b/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml index 857529bf..b6438cb6 100644 --- a/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml +++ b/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml @@ -157,6 +157,9 @@ staticResources: - name: "ingress-cluster" type: "ORIGINAL_DST" connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s" + circuitBreakers: + thresholds: + - maxRetries: {{ .Values.envoy.maxConcurrentRetries }} lbPolicy: "CLUSTER_PROVIDED" typedExtensionProtocolOptions: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: @@ -170,6 +173,9 @@ staticResources: - name: "egress-cluster-tls" type: "ORIGINAL_DST" connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s" + circuitBreakers: + thresholds: + - maxRetries: {{ .Values.envoy.maxConcurrentRetries }} lbPolicy: "CLUSTER_PROVIDED" typedExtensionProtocolOptions: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: @@ -188,6 +194,9 @@ staticResources: - name: "egress-cluster" type: "ORIGINAL_DST" connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s" + circuitBreakers: + thresholds: + - maxRetries: {{ .Values.envoy.maxConcurrentRetries }} lbPolicy: "CLUSTER_PROVIDED" typedExtensionProtocolOptions: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: @@ -201,6 +210,9 @@ staticResources: - name: "ingress-cluster-tls" type: "ORIGINAL_DST" connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s" + circuitBreakers: + thresholds: + - maxRetries: {{ .Values.envoy.maxConcurrentRetries }} lbPolicy: "CLUSTER_PROVIDED" typedExtensionProtocolOptions: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: 
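Review bot: In bootstrap-config.yaml, the `- maxRetries: {{ .Values.envoy.maxConcurrentRetries }}` line added under `ingress-cluster` takes its value unquoted and unvalidated, and the same line is added to `egress-cluster-tls`, `egress-cluster` and `ingress-cluster-tls` in the next three hunks. If the value is unset the line renders as a bare `maxRetries:` (null), so the retry circuit breaker would presumably fall back to Envoy's built-in limit with no error; the chart default lives in values.yaml, outside these hunks. Failing the render is safer: `- maxRetries: {{ required "envoy.maxConcurrentRetries must be set" .Values.envoy.maxConcurrentRetries | int }}`. The threshold entry also sets no `priority`, so as written it bounds retries for default-priority traffic only. Because the Makefile's `update` target re-pulls this chart, the change would need to go upstream or into a post-pull patch step.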
@@ -274,6 +286,13 @@ overloadManager: typedConfig: "@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig" max_active_downstream_connections: "50000" +applicationLogConfig: + logFormat: + {{- if .Values.envoy.log.format_json }} + jsonFormat: "{{ .Values.envoy.log.format_json | toJson }}" + {{- else }} + textFormat: "{{ .Values.envoy.log.format }}" + {{- end }} admin: address: pipe: diff --git a/packages/system/cilium/charts/cilium/files/cilium-operator/dashboards/cilium-operator-dashboard.json b/packages/system/cilium/charts/cilium/files/cilium-operator/dashboards/cilium-operator-dashboard.json index 116c2c98..3af7c97b 100644 --- a/packages/system/cilium/charts/cilium/files/cilium-operator/dashboards/cilium-operator-dashboard.json +++ b/packages/system/cilium/charts/cilium/files/cilium-operator/dashboards/cilium-operator-dashboard.json @@ -1001,7 +1001,13 @@ "style": "dark", "tags": [], "templating": { - "list": [] + "list": [ + { + "type": "datasource", + "name": "DS_PROMETHEUS", + "query": "prometheus" + } + ] }, "time": { "from": "now-30m", diff --git a/packages/system/cilium/charts/cilium/files/nodeinit/startup.bash b/packages/system/cilium/charts/cilium/files/nodeinit/startup.bash index 92b84714..aa63cac8 100644 --- a/packages/system/cilium/charts/cilium/files/nodeinit/startup.bash +++ b/packages/system/cilium/charts/cilium/files/nodeinit/startup.bash 
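Review bot: In the `applicationLogConfig` hunk of bootstrap-config.yaml, `jsonFormat: "{{ .Values.envoy.log.format_json | toJson }}"` wraps the `toJson` output in double quotes, so the quotes inside the rendered JSON object end the YAML scalar early. The result is either invalid YAML or a string where Envoy's `json_format` expects a structure. Emitting the JSON as a flow mapping avoids both: `jsonFormat: {{ .Values.envoy.log.format_json | toJson }}`. `textFormat: "{{ .Values.envoy.log.format }}"` has a milder form of the same problem, since a format containing `"` or `\` changes or breaks the scalar; `textFormat: {{ .Values.envoy.log.format | quote }}` escapes it. How the rendered file is parsed is outside this hunk, so whether a bad value fails the install or silently drops the proxy's log configuration should be confirmed.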
@@ -161,44 +161,6 @@ mkdir -p {{ .Values.nodeinit.bootstrapFile | dir | quote }} date > {{ .Values.nodeinit.bootstrapFile | quote }} {{- end }} -{{- if .Values.azure.enabled }} -# AKS: If azure-vnet is installed on the node, and (still) configured in bridge mode, -# configure it as 'transparent' to be consistent with Cilium's CNI chaining config. -# If the azure-vnet CNI config is not removed, kubelet will execute CNI CHECK commands -# against it every 5 seconds and write 'bridge' to its state file, causing inconsistent -# behaviour when Pods are removed. -if [ -f /etc/cni/net.d/10-azure.conflist ]; then - echo "Ensuring azure-vnet is configured in 'transparent' mode..." - sed -i 's/"mode":\s*"bridge"/"mode":"transparent"/g' /etc/cni/net.d/10-azure.conflist -fi - -# The azure0 interface being present means the node was booted with azure-vnet configured -# in bridge mode. This means there might be ebtables rules and neight entries interfering -# with pod connectivity if we deploy with Azure IPAM. -if ip l show dev azure0 >/dev/null 2>&1; then - - # In Azure IPAM mode, also remove the azure-vnet state file, otherwise ebtables rules get - # restored by the azure-vnet CNI plugin on every CNI CHECK, which can cause connectivity - # issues in Cilium-managed Pods. Since azure-vnet is no longer called on scheduling events, - # this file can be removed. - rm -f /var/run/azure-vnet.json - - # This breaks connectivity for existing workload Pods when Cilium is scheduled, but we need - # to flush these to prevent Cilium-managed Pod IPs conflicting with Pod IPs previously allocated - # by azure-vnet. These ebtables DNAT rules contain fixed MACs that are no longer bound on the node, - # causing packets for these Pods to be redirected back out to the gateway, where they are dropped. - echo 'Flushing ebtables pre/postrouting rules in nat table.. 
(disconnecting non-Cilium Pods!)' - ebtables -t nat -F PREROUTING || true - ebtables -t nat -F POSTROUTING || true - - # ip-masq-agent periodically injects PERM neigh entries towards the gateway - # for all other k8s nodes in the cluster. These are safe to flush, as ARP can - # resolve these nodes as usual. PERM entries will be automatically restored later. - echo 'Deleting all permanent neighbour entries on azure0...' - ip neigh show dev azure0 nud permanent | cut -d' ' -f1 | xargs -r -n1 ip neigh del dev azure0 to || true -fi -{{- end }} - {{- if .Values.nodeinit.revertReconfigureKubelet }} rm -f /tmp/node-deinit.cilium.io {{- end }} diff --git a/packages/system/cilium/charts/cilium/files/spire/init.bash b/packages/system/cilium/charts/cilium/files/spire/init.bash index 4b6f57bd..4edb682c 100644 --- a/packages/system/cilium/charts/cilium/files/spire/init.bash +++ b/packages/system/cilium/charts/cilium/files/spire/init.bash 
@@ -22,9 +22,9 @@ echo "Spire Server is up, initializing cilium spire entries..." AGENT_SPIFFE_ID="spiffe://{{ .Values.authentication.mutual.spire.trustDomain }}/ns/{{ .Values.authentication.mutual.spire.install.namespace }}/sa/spire-agent" AGENT_SELECTORS="-selector k8s_psat:agent_ns:{{ .Values.authentication.mutual.spire.install.namespace }} -selector k8s_psat:agent_sa:spire-agent" CILIUM_AGENT_SPIFFE_ID="spiffe://{{ .Values.authentication.mutual.spire.trustDomain }}/cilium-agent" -CILIUM_AGENT_SELECTORS="-selector k8s:ns:{{ .Release.Namespace }} -selector k8s:sa:{{ .Values.serviceAccounts.cilium.name }}" +CILIUM_AGENT_SELECTORS="-selector k8s:ns:{{ include "cilium.namespace" . }} -selector k8s:sa:{{ .Values.serviceAccounts.cilium.name }}" CILIUM_OPERATOR_SPIFFE_ID="spiffe://{{ .Values.authentication.mutual.spire.trustDomain }}/cilium-operator" -CILIUM_OPERATOR_SELECTORS="-selector k8s:ns:{{ .Release.Namespace }} -selector k8s:sa:{{ .Values.serviceAccounts.operator.name }}" +CILIUM_OPERATOR_SELECTORS="-selector k8s:ns:{{ include "cilium.namespace" . }} -selector k8s:sa:{{ .Values.serviceAccounts.operator.name }}" while pgrep spire-server > /dev/null; do diff --git a/packages/system/cilium/charts/cilium/templates/_extensions.tpl b/packages/system/cilium/charts/cilium/templates/_extensions.tpl index 28168ff8..5da57e2e 100644 --- a/packages/system/cilium/charts/cilium/templates/_extensions.tpl +++ b/packages/system/cilium/charts/cilium/templates/_extensions.tpl @@ -48,3 +48,9 @@ disable-server-tls: true {{- define "hubble-relay.service.targetPort" -}} grpc {{- end }} + +{{/* +Allow packagers to add extra configuration to certgen. +*/}} +{{- define "certgen.config.extra" -}} +{{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/_helpers.tpl b/packages/system/cilium/charts/cilium/templates/_helpers.tpl index 8ae12c1f..dc113ba0 100644 --- a/packages/system/cilium/charts/cilium/templates/_helpers.tpl 
+++ b/packages/system/cilium/charts/cilium/templates/_helpers.tpl @@ -5,6 +5,13 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} +{{/* +Return the namespace to use for namespaced resources. +*/}} +{{- define "cilium.namespace" -}} +{{- .Values.namespaceOverride | default .Release.Namespace -}} +{{- end -}} + {{/* Render full image name from given values, e.g: ``` @@ -15,14 +22,18 @@ image: digest: abcdefgh ``` then `include "cilium.image" .Values.image` -will return `quay.io/cilium/cilium:v1.10.1@abcdefgh` +will return `quay.io/cilium/cilium:v1.10.1@abcdefgh`. +Note that you can omit the tag by setting its value to `null` or `""` (in case +your container engine doesn't support specifying both the tag and digest for +instance). */}} {{- define "cilium.image" -}} {{- $digest := (.useDigest | default false) | ternary (printf "@%s" .digest) "" -}} +{{- $tag := .tag | default "" | eq "" | ternary "" (printf ":%s" .tag) -}} {{- if .override -}} {{- printf "%s" .override -}} {{- else -}} -{{- printf "%s:%s%s" .repository .tag $digest -}} +{{- printf "%s%s%s" .repository $tag $digest -}} {{- end -}} {{- end -}} @@ -65,7 +76,7 @@ and `commonCASecretName` variables. {{- if and $crt $key }} {{- $ca = buildCustomCert $crt $key -}} {{- else }} - {{- with lookup "v1" "Secret" .Release.Namespace $secretName }} + {{- with lookup "v1" "Secret" (include "cilium.namespace" .) $secretName }} {{- $crt := index .data "ca.crt" }} {{- $key := index .data "ca.key" }} {{- $ca = buildCustomCert $crt $key -}} 
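Review bot: With the new `$tag` handling in `cilium.image`, an empty `tag` combined with `useDigest` unset makes the helper return the bare repository, which a container runtime will typically resolve to a mutable default tag. The doc comment only describes omitting the tag when a digest is given, so the unpinned case looks unintended. A guard in the `else` branch would reject it at render time: `{{- if and (eq $tag "") (eq $digest "") -}}{{- fail "cilium.image: set a tag or a digest" -}}{{- end -}}`.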
@@ -112,11 +123,16 @@ Convert a map to a comma-separated string: key1=value1,key2=value2 {{- end -}} {{/* -Enable automatic lookup of k8sServiceHost from the cluster-info ConfigMap (kubeadm-based clusters only) +Enable automatic lookup of k8sServiceHost from the cluster-info ConfigMap +When `auto`, it defaults to lookup for a `cluster-info` configmap on the `kube-public` namespace (kubeadm-based) +To override the namespace and configMap when using `auto`: +`.Values.k8sServiceLookupNamespace` and `.Values.k8sServiceLookupConfigMapName` */}} {{- define "k8sServiceHost" }} - {{- if and (eq .Values.k8sServiceHost "auto") (lookup "v1" "ConfigMap" "kube-public" "cluster-info") }} - {{- $configmap := (lookup "v1" "ConfigMap" "kube-public" "cluster-info") }} + {{- $configmapName := default "cluster-info" .Values.k8sServiceLookupConfigMapName }} + {{- $configmapNamespace := default "kube-public" .Values.k8sServiceLookupNamespace }} + {{- if and (eq .Values.k8sServiceHost "auto") (lookup "v1" "ConfigMap" $configmapNamespace $configmapName) }} + {{- $configmap := (lookup "v1" "ConfigMap" $configmapNamespace $configmapName) }} {{- $kubeconfig := get $configmap.data "kubeconfig" }} {{- $k8sServer := get ($kubeconfig | fromYaml) "clusters" | mustFirst | dig "cluster" "server" "" }} {{- $uri := (split "https://" $k8sServer)._1 | trim }} 
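Review bot: The updated comment on `k8sServiceHost` (and on `k8sServicePort` in the next hunk) does not mention that the ConfigMap selected by `k8sServiceLookupNamespace` and `k8sServiceLookupConfigMapName` is where the rendered API server address comes from. Whoever can write that ConfigMap controls the address picked up at the next render, so I would add a line such as `The referenced ConfigMap must be writable only by cluster administrators.` to both comments. As a style point, both helpers call the same `lookup` twice; assigning `{{- $configmap := lookup "v1" "ConfigMap" $configmapNamespace $configmapName }}` first and testing `$configmap` in the `if` does it once. Both helper bodies continue past their hunks.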
@@ -127,11 +143,16 @@ Enable automatic lookup of k8sServiceHost from the cluster-info ConfigMap (kubea {{- end }} {{/* -Enable automatic lookup of k8sServicePort from the cluster-info ConfigMap (kubeadm-based clusters only) +Enable automatic lookup of k8sServicePort from the cluster-info ConfigMap +When `auto`, it defaults to lookup for a `cluster-info` configmap on the `kube-public` namespace (kubeadm-based) +To override the namespace and configMap when using `auto`: +`.Values.k8sServiceLookupNamespace` and `.Values.k8sServiceLookupConfigMapName` */}} {{- define "k8sServicePort" }} - {{- if and (eq .Values.k8sServiceHost "auto") (lookup "v1" "ConfigMap" "kube-public" "cluster-info") }} - {{- $configmap := (lookup "v1" "ConfigMap" "kube-public" "cluster-info") }} + {{- $configmapName := default "cluster-info" .Values.k8sServiceLookupConfigMapName }} + {{- $configmapNamespace := default "kube-public" .Values.k8sServiceLookupNamespace }} + {{- if and (eq .Values.k8sServiceHost "auto") (lookup "v1" "ConfigMap" $configmapNamespace $configmapName) }} + {{- $configmap := (lookup "v1" "ConfigMap" $configmapNamespace $configmapName) }} {{- $kubeconfig := get $configmap.data "kubeconfig" }} {{- $k8sServer := get ($kubeconfig | fromYaml) "clusters" | mustFirst | dig "cluster" "server" "" }} {{- $uri := (split "https://" $k8sServer)._1 | trim }} 
@@ -157,3 +178,35 @@ Return user specify envoy.enabled or default value based on the upgradeCompatibi {{- end }} {{- end }} {{- end }} + +{{/* +Return user specify tls.readSecretsOnlyFromSecretsNamespace and take into account tls.secretsBackend +*/}} +{{- define "readSecretsOnlyFromSecretsNamespace" }} + {{- if (not (kindIs "invalid" .Values.tls.readSecretsOnlyFromSecretsNamespace)) }} + {{- .Values.tls.readSecretsOnlyFromSecretsNamespace }} + {{- else if (not (kindIs "invalid" .Values.tls.secretsBackend)) }} + {{- if eq .Values.tls.secretsBackend "local" }} + {{- true }} + {{- else }} + {{ false }} + {{- end }} + {{- else }} + {{- true }} + {{- end }} +{{- end }} + +{{/* +Return user specify tls.secretSync.enabled or default value based on the upgradeCompatibility +*/}} +{{- define "secretSyncEnabled" }} + {{- if (not (kindIs "invalid" .Values.tls.secretSync.enabled)) }} + {{- .Values.tls.secretSync.enabled }} + {{- else }} + {{- if semverCompare ">=1.17" (default "1.17" .Values.upgradeCompatibility) }} + {{- true }} + {{- else }} + {{- false }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrole.yaml index 900ddd87..6aef1b21 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrole.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrole.yaml @@ -1,3 +1,5 @@ +{{- $readSecretsOnlyFromSecretsNamespace := eq (include "readSecretsOnlyFromSecretsNamespace" .) "true" -}} + {{- if and .Values.agent (not .Values.preflight.enabled) .Values.rbac.create }} {{- /* Keep file in sync with cilium-preflight/clusterrole.yaml @@ -12,6 +14,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} rules: - apiGroups: - networking.k8s.io 
@@ -82,7 +87,7 @@ rules: # until we figure out how to avoid "get" inside the preflight, and then # should be removed ideally. - get -{{- if eq "k8s" .Values.tls.secretsBackend }} +{{- if not $readSecretsOnlyFromSecretsNamespace }} - apiGroups: - "" resources: diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrolebinding.yaml index f05729ad..0003b513 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/clusterrolebinding.yaml @@ -9,6 +9,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -16,5 +19,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.cilium.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml index 27498c50..efe748cc 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml @@ -16,7 +16,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: cilium - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.annotations }} annotations: {{- toYaml . | nindent 4 }} 
@@ -25,9 +25,12 @@ metadata: k8s-app: cilium app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-agent + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.keepDeprecatedLabels }} kubernetes.io/cluster-service: "true" - {{- if and .Values.gke.enabled (eq .Release.Namespace "kube-system" ) }} + {{- if and .Values.gke.enabled (eq (include "cilium.namespace" .) "kube-system" ) }} {{- fail "Invalid configuration: Installing Cilium on GKE with 'kubernetes.io/cluster-service' labels on 'kube-system' namespace causes Cilium DaemonSet to be removed by GKE. Either install Cilium on a different Namespace or install with '--set keepDeprecatedLabels=false'" }} {{- end }} {{- end }} @@ -73,6 +76,9 @@ spec: k8s-app: cilium app.kubernetes.io/name: cilium-agent app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.keepDeprecatedLabels }} kubernetes.io/cluster-service: "true" {{- end }} @@ -250,7 +256,7 @@ spec: protocol: TCP {{- end }} {{- end }} - {{- if .Values.hubble.metrics.enabled }} + {{- if or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled }} - name: hubble-metrics containerPort: {{ .Values.hubble.metrics.port }} hostPort: {{ .Values.hubble.metrics.port }} @@ -358,11 +364,6 @@ spec: mountPath: {{ .Values.kubeConfigPath }} readOnly: true {{- end }} - {{- if .Values.bgp.enabled }} - - name: bgp-config-path - mountPath: /var/lib/cilium/bgp - readOnly: true - {{- end }} {{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled .Values.hubble.metrics.tls.enabled }} - name: hubble-metrics-tls mountPath: /var/lib/cilium/tls/hubble-metrics 
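Review bot: The `hubble-metrics` container port, including its `hostPort`, is now opened when only `hubble.metrics.dynamic.enabled` is set, but the `hubble-metrics-tls` volume mount shown as context in the last hunk still requires `.Values.hubble.metrics.enabled`. With dynamic metrics alone and `hubble.metrics.tls.enabled` set, the port would be published on the host without the certificate mounted; whether the endpoint then serves plaintext or fails depends on agent configuration not shown here. The mount condition could use the same test: `{{- if and .Values.hubble.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) .Values.hubble.metrics.tls.enabled }}`. The matching volume definition lies outside these hunks and would need the same change.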
@@ -383,6 +384,11 @@ spec: mountPropagation: {{ .mountPropagation }} {{- end }} {{- end }} + {{- if .Values.hubble.metrics.dynamic.enabled }} + - name: hubble-dynamic-metrics-config + mountPath: /dynamic-metrics-config + readOnly: true + {{- end }} {{- if .Values.hubble.export.dynamic.enabled }} - name: hubble-flowlog-config mountPath: /flowlog-config @@ -763,10 +769,12 @@ spec: {{- if .Values.dnsPolicy }} dnsPolicy: {{ .Values.dnsPolicy }} {{- end }} + {{- if (eq .Values.scheduling.mode "anti-affinity") }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -955,11 +963,6 @@ spec: configMap: name: {{ .Values.cni.configMap }} {{- end }} - {{- if .Values.bgp.enabled }} - - name: bgp-config-path - configMap: - name: bgp-config - {{- end }} {{- if not .Values.securityContext.privileged }} - name: host-proc-sys-net hostPath: @@ -1035,6 +1038,12 @@ spec: {{- end }} {{- end }} + {{- if .Values.hubble.metrics.dynamic.enabled }} + - name: hubble-dynamic-metrics-config + configMap: + name: {{ .Values.hubble.metrics.dynamic.config.configMapName }} + optional: true + {{- end }} {{- if .Values.hubble.export.dynamic.enabled }} - name: hubble-flowlog-config configMap: diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/dashboards-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/dashboards-configmap.yaml index 6f19135d..c0ce2c2b 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/dashboards-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/dashboards-configmap.yaml 
@@ -7,11 +7,14 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ $dashboardName | trunc 63 | trimSuffix "-" }} - namespace: {{ $.Values.dashboards.namespace | default $.Release.Namespace }} + namespace: {{ $.Values.dashboards.namespace | default (include "cilium.namespace" $) }} labels: k8s-app: cilium app.kubernetes.io/name: cilium-agent app.kubernetes.io/part-of: cilium + {{- with $.Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if $.Values.dashboards.label }} {{ $.Values.dashboards.label }}: {{ ternary $.Values.dashboards.labelValue "1" (not (empty $.Values.dashboards.labelValue)) | quote }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/role.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/role.yaml index e4ad86d1..0a2b43d1 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/role.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/role.yaml @@ -1,16 +1,21 @@ +{{- $readSecretsOnlyFromSecretsNamespace := eq (include "readSecretsOnlyFromSecretsNamespace" .) "true" -}} + {{- if and .Values.agent (not .Values.preflight.enabled) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: cilium-config-agent - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} rules: - apiGroups: - "" 
@@ -114,3 +119,27 @@ rules: - list - watch {{- end}} + +{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create $readSecretsOnlyFromSecretsNamespace .Values.tls.secretsNamespace.name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cilium-tlsinterception-secrets + namespace: {{ .Values.tls.secretsNamespace.name | quote }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/part-of: cilium +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +{{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml index cfa8697b..01404e5f 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml @@ -1,16 +1,21 @@ +{{- $readSecretsOnlyFromSecretsNamespace := eq (include "readSecretsOnlyFromSecretsNamespace" .) "true" -}} + {{- if and .Values.agent (not .Values.preflight.enabled) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: cilium-config-agent - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
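Review bot: The new `cilium-tlsinterception-secrets` Role in cilium-agent/role.yaml is gated on `.Values.operator.enabled` and `.Values.serviceAccounts.operator.create`, while the RoleBinding of the same name added in rolebinding.yaml binds it to the agent ServiceAccount and is not gated on either value. With the operator disabled, the binding would reference a Role that is never created and the agent could not read secrets from the TLS secrets namespace. I would gate the Role like the other agent secrets bindings, `{{- if and .Values.agent (not .Values.preflight.enabled) .Values.serviceAccounts.cilium.create $readSecretsOnlyFromSecretsNamespace .Values.tls.secretsNamespace.name }}`, and use the same condition on the binding. The Role also lacks the `commonLabels` block that this commit adds to the other Role in the file.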
@@ -18,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.cilium.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end}} {{- if and .Values.agent (not .Values.preflight.enabled) .Values.serviceAccounts.cilium.create .Values.ingressController.enabled .Values.ingressController.secretsNamespace.name}} @@ -41,7 +46,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.cilium.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end }} {{- if and .Values.agent (not .Values.preflight.enabled) .Values.serviceAccounts.cilium.create .Values.gatewayAPI.enabled .Values.gatewayAPI.secretsNamespace.name}} @@ -64,7 +69,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.cilium.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end}} {{- if and .Values.agent (not .Values.preflight.enabled) .Values.serviceAccounts.cilium.create .Values.envoyConfig.enabled .Values.envoyConfig.secretsNamespace.name}} @@ -87,7 +92,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.cilium.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end}} {{- if and .Values.agent (not .Values.preflight.enabled) .Values.serviceAccounts.cilium.create .Values.bgpControlPlane.enabled .Values.bgpControlPlane.secretsNamespace.name}} 
@@ -106,5 +111,24 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.cilium.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end}} + +{{- if and $readSecretsOnlyFromSecretsNamespace .Values.tls.secretsNamespace.name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cilium-tlsinterception-secrets + namespace: {{ .Values.tls.secretsNamespace.name | quote }} + labels: + app.kubernetes.io/part-of: cilium +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cilium-tlsinterception-secrets +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccounts.cilium.name | quote }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml index df97f5ca..ecccdbe9 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml @@ -1,11 +1,11 @@ {{- $envoyDS := eq (include "envoyDaemonSetEnabled" .) "true" -}} {{- if and .Values.agent (not .Values.preflight.enabled) .Values.prometheus.enabled }} -{{- if .Values.prometheus.serviceMonitor.enabled }} +{{- if (or .Values.prometheus.serviceMonitor.enabled .Values.prometheus.metricsService) }} apiVersion: v1 kind: Service metadata: name: cilium-agent - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -14,6 +14,9 @@ metadata: k8s-app: cilium app.kubernetes.io/name: cilium-agent app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: clusterIP: None type: ClusterIP 
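Review bot: The subject of the new `cilium-tlsinterception-secrets` RoleBinding still uses `namespace: {{ .Release.Namespace }}`, while every other subject in this file was switched to `{{ include "cilium.namespace" . }}`. When `namespaceOverride` is set, the agent ServiceAccount is created in the override namespace. The binding would then grant `get`/`list`/`watch` on secrets to a ServiceAccount of that name in the release namespace, rather than to the Cilium agent. Change the line to `namespace: {{ include "cilium.namespace" . }}`.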
@@ -35,7 +38,7 @@ apiVersion: v1 kind: Service metadata: name: cilium-agent - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} annotations: prometheus.io/scrape: "true" prometheus.io/port: {{ .Values.envoy.prometheus.port | quote }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/serviceaccount.yaml index 2c2cf399..f0236fd3 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/serviceaccount.yaml @@ -3,7 +3,11 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccounts.cilium.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- if or .Values.serviceAccounts.cilium.annotations .Values.annotations }} annotations: {{- with .Values.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/servicemonitor.yaml index c2ffa66c..09d11a5d 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/servicemonitor.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/servicemonitor.yaml @@ -4,9 +4,12 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: cilium-agent - namespace: {{ .Values.prometheus.serviceMonitor.namespace | default .Release.Namespace }} + namespace: {{ .Values.prometheus.serviceMonitor.namespace | default (include "cilium.namespace" .) }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.prometheus.serviceMonitor.labels }} {{- toYaml . | nindent 4 }} {{- end }} 
@@ -22,10 +25,10 @@ metadata: spec: selector: matchLabels: - k8s-app: cilium + app.kubernetes.io/name: cilium-agent namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "cilium.namespace" . }} endpoints: - port: metrics interval: {{ .Values.prometheus.serviceMonitor.interval | quote }} @@ -39,7 +42,11 @@ spec: metricRelabelings: {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.envoy.prometheus.serviceMonitor.enabled }} + # If envoy DaemonSet is enabled, we'll create a separate service for it + # If it is not enabled, that means envoy runs inside cilium-agent and we'll monitor using same service + {{- $envoyDS := eq (include "envoyDaemonSetEnabled" .) "true" -}} + {{- if and (not $envoyDS) (not .Values.preflight.enabled) .Values.envoy.prometheus.enabled .Values.envoy.prometheus.serviceMonitor.enabled }} + {{- if and .Values.envoy.enabled .Values.envoy.prometheus.serviceMonitor.enabled }} - port: envoy-metrics interval: {{ .Values.envoy.prometheus.serviceMonitor.interval | quote }} honorLabels: true @@ -53,6 +60,7 @@ spec: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} + {{- end }} targetLabels: - k8s-app {{- if .Values.prometheus.serviceMonitor.jobLabel }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-ca-bundle-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-ca-bundle-configmap.yaml index 38522458..8282fbf8 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-ca-bundle-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-ca-bundle-configmap.yaml 
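Review bot: In the ServiceMonitor endpoints hunk, the new outer test requires `not $envoyDS` and the inner test added directly below it requires `.Values.envoy.enabled`. If `envoyDaemonSetEnabled` returns "true" whenever `envoy.enabled` is set (its body is not in this hunk), the two conditions cannot hold together. The `envoy-metrics` endpoint would then never be rendered for the embedded-Envoy case, silently dropping those metrics from scraping. The inner `if` also repeats the `serviceMonitor.enabled` test and looks like a leftover. Removing it and its `{{- end }}` leaves `{{- if and (not $envoyDS) (not .Values.preflight.enabled) .Values.envoy.prometheus.enabled .Values.envoy.prometheus.serviceMonitor.enabled }}` as the only gate.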
@@ -4,7 +4,12 @@ apiVersion: v1 kind: {{ .Values.tls.caBundle.useSecret | ternary "Secret" "ConfigMap" }} metadata: name: {{ .Values.tls.caBundle.name }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{ .Values.tls.caBundle.useSecret | ternary "stringData" "data" }}: {{ .Values.tls.caBundle.key }}: | {{- .Values.tls.caBundle.content | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-ca-secret.yaml b/packages/system/cilium/charts/cilium/templates/cilium-ca-secret.yaml index f2225b93..f5a6674d 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-ca-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-ca-secret.yaml @@ -10,7 +10,11 @@ apiVersion: v1 kind: Secret metadata: name: {{ .commonCASecretName }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} data: ca.crt: {{ .commonCA.Cert | b64enc }} ca.key: {{ .commonCA.Key | b64enc }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml index 36d250e9..aa461187 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml @@ -16,6 +16,8 @@ {{- $defaultK8sClientBurst := 10 -}} {{- $defaultDNSProxyEnableTransparentMode := "false" -}} {{- $envoyDS := eq (include "envoyDaemonSetEnabled" .) "true" -}} +{{- $readSecretsOnlyFromSecretsNamespace := eq (include "readSecretsOnlyFromSecretsNamespace" .) "true" -}} +{{- $secretSyncEnabled := eq (include "secretSyncEnabled" .) "true" -}} {{- /* Default values when 1.8 was initially deployed */ -}} {{- if semverCompare ">=1.8" (default "1.8" .Values.upgradeCompatibility) -}} 
@@ -89,7 +91,11 @@ apiVersion: v1 kind: ConfigMap metadata: name: cilium-config - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} data: {{- if .Values.etcd.enabled }} # The kvstore configuration is used to enable use of a kvstore for state @@ -125,7 +131,8 @@ data: {{- end }} # Identity allocation mode selects how identities are shared between cilium - # nodes by setting how they are stored. The options are "crd" or "kvstore". + # nodes by setting how they are stored. The options are "crd", "kvstore" or + # "doublewrite-readkvstore" / "doublewrite-readcrd". # - "crd" stores identities in kubernetes as CRDs (custom resource definition). # These can be queried with: # kubectl get ciliumid @@ -134,7 +141,11 @@ data: # backend. Upgrades from these older cilium versions should continue using # the kvstore by commenting out the identity-allocation-mode below, or # setting it to "kvstore". + # - "doublewrite" modes store identities in both the kvstore and CRDs. This is useful + # for seamless migrations from the kvstore mode to the crd mode. Consult the + # documentation for more information on how to perform the migration. identity-allocation-mode: {{ .Values.identityAllocationMode }} + identity-heartbeat-timeout: {{ include "validateDuration" .Values.operator.identityHeartbeatTimeout | quote }} identity-gc-interval: {{ include "validateDuration" .Values.operator.identityGCInterval | quote }} cilium-endpoint-gc-interval: {{ include "validateDuration" .Values.operator.endpointGCInterval | quote }} 
@@ -278,6 +289,15 @@ data: gateway-api-hostnetwork-nodelabelselector: {{ include "mapToString" .Values.gatewayAPI.hostNetwork.nodes.matchLabels | quote }} {{- end }} +{{- if and $readSecretsOnlyFromSecretsNamespace $secretSyncEnabled }} + enable-policy-secrets-sync: "true" +{{- end }} + +{{- if $readSecretsOnlyFromSecretsNamespace }} + policy-secrets-only-from-secrets-namespace: "true" + policy-secrets-namespace: {{ .Values.tls.secretsNamespace.name | quote}} +{{- end }} + {{- if hasKey .Values "loadBalancer" }} {{- if eq .Values.loadBalancer.l7.backend "envoy" }} loadbalancer-l7: "envoy" @@ -351,6 +371,13 @@ data: +{{- if .Values.bpf.events.default.rateLimit }} + bpf-events-default-rate-limit: {{ .Values.bpf.events.default.rateLimit | quote }} +{{- end }} +{{- if .Values.bpf.events.default.burstLimit }} + bpf-events-default-burst-limit: {{ .Values.bpf.events.default.burstLimit | quote }} +{{- end}} + {{- if .Values.bpf.mapDynamicSizeRatio }} # Specifies the ratio (0.0-1.0] of total system memory to use for dynamic # sizing of the TCP CT, non-TCP CT, NAT and policy BPF maps. @@ -398,6 +425,9 @@ data: bpf-ct-global-any-max: {{ $bpfCtAnyMax | quote }} {{- end }} {{- end }} +{{- if .Values.bpf.ctAccounting }} + bpf-conntrack-accounting: "{{ .Values.bpf.ctAccounting }}" +{{- end }} {{- if .Values.bpf.natMax }} # bpf-nat-global-max specified the maximum number of entries in the # BPF NAT table. 
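Review bot: `policy-secrets-namespace` is rendered whenever `$readSecretsOnlyFromSecretsNamespace` is true, even if `tls.secretsNamespace.name` is empty, whereas the Role and RoleBinding this commit adds for that namespace are only created when the name is set. The agent would then be restricted to an empty namespace name with no RBAC behind it. Failing at render time makes the misconfiguration visible: `policy-secrets-namespace: {{ required "tls.secretsNamespace.name must be set when secrets are read only from the secrets namespace" .Values.tls.secretsNamespace.name | quote }}`. Separately, `bpf-conntrack-accounting: "{{ .Values.bpf.ctAccounting }}"` in the same file could use `| quote` like its neighbours.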
@@ -421,6 +451,15 @@ data: {{- if hasKey .Values.bpf "lbExternalClusterIP" }} bpf-lb-external-clusterip: {{ .Values.bpf.lbExternalClusterIP | quote }} {{- end }} +{{- if hasKey .Values.bpf "lbSourceRangeAllTypes" }} + bpf-lb-source-range-all-types: {{ .Values.bpf.lbSourceRangeAllTypes | quote }} +{{- end }} +{{- if hasKey .Values.bpf "lbAlgorithmAnnotation" }} + bpf-lb-algorithm-annotation: {{ .Values.bpf.lbAlgorithmAnnotation | quote }} +{{- end }} +{{- if hasKey .Values.bpf "lbModeAnnotation" }} + bpf-lb-mode-annotation: {{ .Values.bpf.lbModeAnnotation | quote }} +{{- end }} bpf-events-drop-enabled: {{ .Values.bpf.events.drop.enabled | quote }} bpf-events-policy-verdict-enabled: {{ .Values.bpf.events.policyVerdict.enabled | quote }} @@ -461,25 +500,15 @@ data: {{- if ne (.Values.routingMode | default "native") "native" }} {{- fail (printf "RoutingMode must be set to native when gke.enabled=true" )}} {{- end }} - routing-mode: "native" enable-endpoint-routes: "true" {{- else if .Values.aksbyocni.enabled }} {{- if ne (.Values.routingMode | default "tunnel") "tunnel" }} {{- fail (printf "RoutingMode must be set to tunnel when aksbyocni.enabled=true" )}} {{- end }} - routing-mode: "tunnel" - tunnel-protocol: "vxlan" -{{- else if .Values.routingMode }} - routing-mode: {{ .Values.routingMode | quote }} -{{- else }} - # Default case - routing-mode: "tunnel" - tunnel-protocol: "vxlan" {{- end }} -{{- if .Values.tunnelProtocol }} - tunnel-protocol: {{ .Values.tunnelProtocol | quote }} -{{- end }} + routing-mode: {{ .Values.routingMode | default (ternary "native" "tunnel" .Values.gke.enabled) | quote }} + tunnel-protocol: {{ .Values.tunnelProtocol | default "vxlan" | quote }} {{- if .Values.tunnelPort }} tunnel-port: {{ .Values.tunnelPort | quote }} 
@@ -614,9 +643,6 @@ data: enable-ipsec-encrypted-overlay: {{ .Values.encryption.ipsec.encryptedOverlay | quote }} {{- else if eq .Values.encryption.type "wireguard" }} enable-wireguard: {{ .Values.encryption.enabled | quote }} - {{- if .Values.encryption.wireguard.userspaceFallback }} - enable-wireguard-userspace-fallback: {{ .Values.encryption.wireguard.userspaceFallback | quote }} - {{- end }} {{- if .Values.encryption.wireguard.persistentKeepalive }} wireguard-persistent-keepalive: {{ .Values.encryption.wireguard.persistentKeepalive | quote }} {{- end }} @@ -725,12 +751,12 @@ data: {{- end }} {{- if hasKey .Values "hostPort" }} -{{- if or (eq $kubeProxyReplacement "partial") (eq $kubeProxyReplacement "false") }} +{{- if eq $kubeProxyReplacement "partial" }} enable-host-port: {{ .Values.hostPort.enabled | quote }} {{- end }} {{- end }} {{- if hasKey .Values "externalIPs" }} -{{- if or (eq $kubeProxyReplacement "partial") (eq $kubeProxyReplacement "false") }} +{{- if eq $kubeProxyReplacement "partial" }} enable-external-ips: {{ .Values.externalIPs.enabled | quote }} {{- end }} {{- end }} @@ -776,6 +802,13 @@ data: {{- end }} {{- if hasKey .Values.loadBalancer "serviceTopology" }} enable-service-topology: {{ .Values.loadBalancer.serviceTopology | quote }} +# {{- end }} + +{{- if hasKey .Values.loadBalancer "experimental" }} + enable-experimental-lb: {{ .Values.loadBalancer.experimental | quote }} +{{- end }} +{{- if hasKey .Values.loadBalancer "protocolDifferentiation" }} + bpf-lb-proto-diff: {{ .Values.loadBalancer.protocolDifferentiation.enabled | quote }} {{- end }} {{- end }} 
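Review bot: The added `# {{- end }}` after `enable-service-topology` is not a disabled action. Helm evaluates template actions before the YAML is parsed, so this line is the `end` that closes the `serviceTopology` condition, and the `#` only leaves a stray comment marker in the rendered ConfigMap. Writing it as a plain `{{- end }}` keeps the same nesting and removes the impression that the line can be deleted safely. The surrounding `loadBalancer` block opens outside this hunk, so the full nesting should be confirmed against the complete template.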
@@ -826,9 +859,13 @@ data: {{- if and .Values.endpointRoutes .Values.endpointRoutes.enabled }} enable-endpoint-routes: {{ .Values.endpointRoutes.enabled | quote }} {{- end }} +{{- if and .Values.ipam .Values.ipam.installUplinkRoutesForDelegatedIPAM }} + install-uplink-routes-for-delegated-ipam: {{ .Values.ipam.installUplinkRoutesForDelegatedIPAM | quote }} +{{- end }} {{- if hasKey .Values.k8sNetworkPolicy "enabled" }} enable-k8s-networkpolicy: {{ .Values.k8sNetworkPolicy.enabled | quote }} {{- end }} + enable-endpoint-lockdown-on-policy-overflow: {{ .Values.endpointLockdownOnMapOverflow | quote }} {{- if .Values.cni.configMap }} read-cni-conf: {{ .Values.cni.confFileMountPath }}/{{ .Values.cni.configMapKey }} {{- if .Values.cni.customConf }} @@ -868,6 +905,9 @@ data: {{- if hasKey .Values "healthChecking" }} enable-health-checking: {{ .Values.healthChecking | quote }} {{- end }} +{{- if .Values.healthCheckICMPFailureThreshold }} + health-check-icmp-failure-threshold: {{ .Values.healthCheckICMPFailureThreshold | quote }} +{{- end }} {{- if .Values.wellKnownIdentities.enabled }} enable-well-known-identities: "true" {{- else }} 
@@ -957,13 +997,17 @@ data: {{- if .Values.hubble.export.static.enabled }} hubble-export-file-path: {{ .Values.hubble.export.static.filePath | quote }} hubble-export-fieldmask: {{ .Values.hubble.export.static.fieldMask | join " " | quote }} - hubble-export-allowlist: {{ .Values.hubble.export.static.allowList | join "," | quote }} - hubble-export-denylist: {{ .Values.hubble.export.static.denyList | join "," | quote }} + hubble-export-allowlist: {{ .Values.hubble.export.static.allowList | join " " | quote }} + hubble-export-denylist: {{ .Values.hubble.export.static.denyList | join " " | quote }} {{- end }} {{- if .Values.hubble.export.dynamic.enabled }} hubble-flowlogs-config-path: /flowlog-config/flowlogs.yaml {{- end }} {{- end }} +{{- if .Values.hubble.metrics.dynamic.enabled }} + hubble-dynamic-metrics-config-path: /dynamic-metrics-config/dynamic-metrics.yaml + hubble-metrics-server: ":{{ .Values.hubble.metrics.port }}" +{{- end }} {{- if hasKey .Values.hubble "listenAddress" }} # An additional address for Hubble server to listen to (e.g. ":4244"). hubble-listen-address: {{ .Values.hubble.listenAddress | quote }} @@ -997,6 +1041,9 @@ data: {{- else }} ipam: {{ $ipam | quote }} {{- end }} +{{- if hasKey .Values.ipam "multiPoolPreAllocation" }} + ipam-multi-pool-pre-allocation: {{ .Values.ipam.multiPoolPreAllocation }} +{{- end }} {{- if .Values.ipam.ciliumNodeUpdateRate }} ipam-cilium-node-update-rate: {{ include "validateDuration" .Values.ipam.ciliumNodeUpdateRate | quote }} @@ -1048,6 +1095,8 @@ data: enable-node-ipam: "true" {{- end }} + default-lb-service-ipam: "{{ .Values.defaultLBServiceIPAM }}" + {{- if .Values.apiRateLimit }} api-rate-limit: {{ .Values.apiRateLimit | quote }} {{- end }} 
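Review bot: `ipam-multi-pool-pre-allocation` is rendered without `| quote`, unlike the neighbouring keys of this ConfigMap. The guard is `hasKey`, so an empty value still emits the key, and a bare `key:` is read by YAML as null rather than as an empty string. A numeric or boolean-looking value would also reach the API server as a non-string `data` entry. The line would be safer as `ipam-multi-pool-pre-allocation: {{ .Values.ipam.multiPoolPreAllocation | quote }}`. The hand-wrapped `default-lb-service-ipam: "{{ .Values.defaultLBServiceIPAM }}"` in the following hunk would likewise be more robust with `| quote`, which escapes embedded quotes.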
@@ -1115,21 +1164,10 @@ data: l2-pod-announcements-interface: {{ .Values.l2podAnnouncements.interface | quote }} {{- end }} -{{- if and .Values.bgp.enabled (and (not .Values.bgp.announce.loadbalancerIP) (not .Values.bgp.announce.podCIDR)) }} - {{ fail "BGP was enabled, but no announcements were enabled. Please enable one or more announcements." }} -{{- end }} - -{{- if and .Values.bgp.enabled .Values.bgp.announce.loadbalancerIP }} - bgp-announce-lb-ip: {{ .Values.bgp.announce.loadbalancerIP | quote }} -{{- end }} - -{{- if and .Values.bgp.enabled .Values.bgp.announce.podCIDR }} - bgp-announce-pod-cidr: {{ .Values.bgp.announce.podCIDR | quote }} -{{- end}} - {{- if .Values.bgpControlPlane.enabled }} enable-bgp-control-plane: "true" bgp-secrets-namespace: {{ .Values.bgpControlPlane.secretsNamespace.name | quote }} + enable-bgp-control-plane-status-report: {{ .Values.bgpControlPlane.statusReport.enabled | quote }} {{- end }} {{- if .Values.pmtuDiscovery.enabled }} @@ -1162,6 +1200,9 @@ data: {{- if .Values.ciliumEndpointSlice.rateLimits }} ces-rate-limits: {{ .Values.ciliumEndpointSlice.rateLimits | toJson | quote }} {{- end }} + {{- if .Values.ciliumEndpointSlice.sliceMode }} + ces-slice-mode: {{ .Values.ciliumEndpointSlice.sliceMode | quote }} + {{- end }} {{- end }} {{- if hasKey .Values "enableK8sTerminatingEndpoint" }} 
@@ -1181,8 +1222,19 @@ data: annotate-k8s-node: "true" {{- end }} - k8s-client-qps: {{ .Values.k8sClientRateLimit.qps | default $defaultK8sClientQPS | quote}} - k8s-client-burst: {{ .Values.k8sClientRateLimit.burst | default $defaultK8sClientBurst | quote }} +{{- with .Values.k8sClientRateLimit.qps }} + k8s-client-qps: {{ . | quote }} +{{- end }} +{{- with .Values.k8sClientRateLimit.burst }} + k8s-client-burst: {{ . | quote }} +{{- end }} + +{{- with .Values.k8sClientRateLimit.operator.qps }} + operator-k8s-client-qps: {{ .| quote }} +{{- end }} +{{- with .Values.k8sClientRateLimit.operator.burst }} + operator-k8s-client-burst: {{ .| quote }} +{{- end }} {{- if and .Values.operator.setNodeTaints (not .Values.operator.removeNodeTaints) -}} {{ fail "Cannot have operator.setNodeTaintsMaxNodes and not operator.removeNodeTaints = false" }} @@ -1277,6 +1329,8 @@ data: proxy-max-requests-per-connection: {{ .Values.envoy.maxRequestsPerConnection | quote }} proxy-max-connection-duration-seconds: {{ .Values.envoy.maxConnectionDurationSeconds | quote }} proxy-idle-timeout-seconds: {{ .Values.envoy.idleTimeoutDurationSeconds | quote }} + proxy-max-concurrent-retries: {{ .Values.envoy.maxConcurrentRetries | quote }} + http-retry-count: {{ .Values.envoy.httpRetryCount | quote }} external-envoy-proxy: {{ include "envoyDaemonSetEnabled" . | quote }} envoy-base-id: {{ .Values.envoy.baseID | quote }} @@ -1284,6 +1338,9 @@ data: {{- if .Values.envoy.log.path }} envoy-log: {{ .Values.envoy.log.path | quote }} {{- end }} +{{- if .Values.envoy.log.defaultLevel }} + envoy-default-log-level: {{ .Values.envoy.log.defaultLevel | quote }} +{{- end }} {{- if .Values.envoy.log.accessLogBufferSize }} envoy-access-log-buffer-size: {{ .Values.envoy.log.accessLogBufferSize | quote }} {{- end }} 
@@ -1297,6 +1354,13 @@ data: nat-map-stats-entries: {{ .Values.nat.mapStatsEntries | quote }} nat-map-stats-interval: {{ .Values.nat.mapStatsInterval | quote }} + enable-internal-traffic-policy: {{ .Values.enableInternalTrafficPolicy | quote }} + enable-lb-ipam: {{ .Values.enableLBIPAM | quote }} + enable-non-default-deny-policies: {{ .Values.enableNonDefaultDenyPolicies | quote }} + +{{- if hasKey .Values.daemon "enableSourceIPVerification" }} + enable-source-ip-verification: {{ .Values.daemon.enableSourceIPVerification | quote }} +{{- end }} # Extra config allows adding arbitrary properties to the cilium config. # By putting it at the end of the ConfigMap, it's also possible to override existing properties. @@ -1311,7 +1375,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: ip-masq-agent - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} data: config: |- {{ toJson .Values.ipMasqAgent.config | indent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-dynamic-metrics-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-dynamic-metrics-configmap.yaml new file mode 100644 index 00000000..3f85ecde --- /dev/null +++ b/packages/system/cilium/charts/cilium/templates/cilium-dynamic-metrics-configmap.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.hubble.metrics.dynamic.enabled .Values.hubble.metrics.dynamic.config.createConfigMap }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.hubble.metrics.dynamic.config.configMapName }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + dynamic-metrics.yaml: | + metrics: +{{ .Values.hubble.metrics.dynamic.config.content | toYaml | indent 4 }} +{{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-envoy/configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-envoy/configmap.yaml index 084077a4..b2639892 100644 
--- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/configmap.yaml @@ -6,7 +6,11 @@ apiVersion: v1 kind: ConfigMap metadata: name: cilium-envoy-config - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.envoy.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-envoy/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-envoy/daemonset.yaml index c62dea3d..5649796a 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/daemonset.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/daemonset.yaml @@ -5,7 +5,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: cilium-envoy - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.envoy.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -15,6 +15,9 @@ metadata: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-envoy name: cilium-envoy + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: @@ -26,7 +29,7 @@ spec: template: metadata: annotations: - {{- if .Values.envoy.rollOutPods }} + {{- if and (.Values.envoy.rollOutPods) (not .Values.envoy.bootstrapConfigMap) }} # ensure pods roll when configmap updates cilium.io/cilium-envoy-configmap-checksum: {{ include (print $.Template.BasePath "/cilium-envoy/configmap.yaml") . | sha256sum | quote }} {{- end }} @@ -46,6 +49,9 @@ spec: name: cilium-envoy app.kubernetes.io/name: cilium-envoy app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.envoy.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -80,10 +86,11 @@ spec: - '--log-level trace' {{- else if and (.Values.debug.enabled) (hasKey .Values.debug "verbose") (.Values.debug.verbose) (has "flow" ( splitList " " .Values.debug.verbose )) }} - '--log-level debug' + {{- else if .Values.envoy.log.defaultLevel }} + - '--log-level {{ .Values.envoy.log.defaultLevel }}' {{- else }} - '--log-level info' {{- end }} - - '--log-format {{ .Values.envoy.log.format }}' {{- if .Values.envoy.log.path }} - '--log-path {{ .Values.envoy.log.path }}' {{- end }} @@ -235,7 +242,7 @@ spec: type: DirectoryOrCreate - name: envoy-config configMap: - name: cilium-envoy-config + name: {{ .Values.envoy.bootstrapConfigMap | default "cilium-envoy-config" | quote }} # note: the leading zero means this number is in octal representation: do not remove it defaultMode: 0400 items: diff --git a/packages/system/cilium/charts/cilium/templates/cilium-envoy/service.yaml b/packages/system/cilium/charts/cilium/templates/cilium-envoy/service.yaml index a55202a5..6b982c28 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/service.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/service.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: name: cilium-envoy - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- if or (not .Values.envoy.prometheus.serviceMonitor.enabled) .Values.envoy.annotations }} annotations: {{- if not .Values.envoy.prometheus.serviceMonitor.enabled }} @@ -20,6 +20,9 @@ metadata: app.kubernetes.io/name: cilium-envoy app.kubernetes.io/part-of: cilium io.cilium/app: proxy + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: clusterIP: None type: ClusterIP diff --git a/packages/system/cilium/charts/cilium/templates/cilium-envoy/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/cilium-envoy/serviceaccount.yaml index 710506e1..809f226b 100644 
--- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/serviceaccount.yaml @@ -4,7 +4,11 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccounts.envoy.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- if or .Values.serviceAccounts.envoy.annotations .Values.envoy.annotations }} annotations: {{- with .Values.envoy.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-envoy/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/cilium-envoy/servicemonitor.yaml index ea7415c4..a46aeeb8 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/servicemonitor.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/servicemonitor.yaml @@ -5,10 +5,13 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: cilium-envoy - namespace: {{ .Values.envoy.prometheus.serviceMonitor.namespace | default .Release.Namespace }} + namespace: {{ .Values.envoy.prometheus.serviceMonitor.namespace | default (include "cilium.namespace" .) }} labels: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-envoy + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.envoy.prometheus.serviceMonitor.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -27,7 +30,7 @@ spec: k8s-app: cilium-envoy namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "cilium.namespace" . }} endpoints: - port: envoy-metrics interval: {{ .Values.envoy.prometheus.serviceMonitor.interval | quote }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-flowlog-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-flowlog-configmap.yaml index 8a1341e4..7d86eb7f 100644 
--- a/packages/system/cilium/charts/cilium/templates/cilium-flowlog-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-flowlog-configmap.yaml @@ -4,7 +4,11 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ .Values.hubble.export.dynamic.config.configMapName }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} data: flowlogs.yaml: | flowLogs: diff --git a/packages/system/cilium/charts/cilium/templates/cilium-gateway-api-class.yaml b/packages/system/cilium/charts/cilium/templates/cilium-gateway-api-class.yaml index 30ab1719..50c4c13c 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-gateway-api-class.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-gateway-api-class.yaml @@ -4,6 +4,10 @@ apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: name: cilium + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: controllerName: io.cilium/gateway-controller description: The default Cilium GatewayClass diff --git a/packages/system/cilium/charts/cilium/templates/cilium-ingress-class.yaml b/packages/system/cilium/charts/cilium/templates/cilium-ingress-class.yaml index 9243b377..35dd2d1f 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-ingress-class.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-ingress-class.yaml @@ -7,6 +7,10 @@ metadata: annotations: ingressclass.kubernetes.io/is-default-class: "true" {{- end}} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: controller: cilium.io/ingress-controller {{- end}} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-ingress-service.yaml b/packages/system/cilium/charts/cilium/templates/cilium-ingress-service.yaml index eac13d76..8d806f21 100644 
--- a/packages/system/cilium/charts/cilium/templates/cilium-ingress-service.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-ingress-service.yaml @@ -3,12 +3,16 @@ apiVersion: v1 kind: Service metadata: name: {{ .Values.ingressController.service.name }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} labels: cilium.io/ingress: "true" + app.kubernetes.io/part-of: cilium {{- if .Values.ingressController.service.labels }} {{- toYaml .Values.ingressController.service.labels | nindent 4 }} {{- end }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.ingressController.service.annotations }} annotations: {{- toYaml .Values.ingressController.service.annotations | nindent 4 }} @@ -45,11 +49,14 @@ apiVersion: v1 kind: Endpoints metadata: name: {{ .Values.ingressController.service.name }} - namespace: {{ .Release.Namespace }} - {{- if .Values.ingressController.service.labels }} + namespace: {{ include "cilium.namespace" . }} labels: + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.ingressController.service.labels }} {{- toYaml .Values.ingressController.service.labels | nindent 4 }} - {{- end }} + {{- end }} {{- if .Values.ingressController.service.annotations }} annotations: {{- toYaml .Values.ingressController.service.annotations | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/daemonset.yaml index c92eabfa..add6ae5a 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/daemonset.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/daemonset.yaml 
@@ -4,7 +4,7 @@ kind: DaemonSet apiVersion: apps/v1 metadata: name: cilium-node-init - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.nodeinit.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -13,6 +13,9 @@ metadata: app: cilium-node-init app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-node-init + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: @@ -39,6 +42,9 @@ spec: app: cilium-node-init app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-node-init + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.nodeinit.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/serviceaccount.yaml index eb503ee9..e489edc3 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-nodeinit/serviceaccount.yaml @@ -3,8 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccounts.nodeinit.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- if or .Values.serviceAccounts.nodeinit.annotations .Values.nodeinit.annotations }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} annotations: {{- with .Values.nodeinit.annotations }} {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/_helpers.tpl b/packages/system/cilium/charts/cilium/templates/cilium-operator/_helpers.tpl index 0910de63..67ab34cb 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/_helpers.tpl +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/_helpers.tpl 
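Review bot: In the node-init ServiceAccount the `commonLabels` block is added below the `{{- if or .Values.serviceAccounts.nodeinit.annotations .Values.nodeinit.annotations }}` line, so the labels are rendered only when annotations are configured. The envoy ServiceAccount in this same commit places the identical block above its annotations condition, and moving the four added lines above the `if or` line here would match it. As written, anything that selects or audits resources by the common labels would miss this ServiceAccount in the default case where no annotations are set. The closing `end` of the condition lies outside the hunk.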
@@ -31,6 +31,7 @@ Return cilium operator image {{- else -}} {{- $cloud := include "cilium.operator.cloud" . }} {{- $imageDigest := include "cilium.operator.imageDigestName" . }} -{{- printf "%s-%s%s:%s%s" .Values.operator.image.repository $cloud .Values.operator.image.suffix .Values.operator.image.tag $imageDigest -}} +{{- $tag := .Values.operator.image.tag | default "" | eq "" | ternary "" (printf ":%s" .Values.operator.image.tag) }} +{{- printf "%s-%s%s%s%s" .Values.operator.image.repository $cloud .Values.operator.image.suffix $tag $imageDigest -}} {{- end -}} {{- end -}} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrole.yaml index 0d9a073c..dba1ca8b 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrole.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrole.yaml @@ -1,3 +1,4 @@ +{{- $secretSyncEnabled := eq (include "secretSyncEnabled" .) "true" -}} {{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -9,6 +10,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} rules: - apiGroups: - "" @@ -87,7 +91,7 @@ rules: resources: # to check apiserver connectivity - namespaces -{{- if or .Values.ingressController.enabled .Values.gatewayAPI.enabled }} +{{- if or .Values.ingressController.enabled .Values.gatewayAPI.enabled .Values.bgpControlPlane.enabled $secretSyncEnabled }} - secrets {{- end }} verbs: @@ -196,6 +200,13 @@ rules: - watch - delete - patch +- apiGroups: + - cilium.io + resources: + - ciliumbgpclusterconfigs/status + - ciliumbgppeerconfigs/status + verbs: + - update - apiGroups: - apiextensions.k8s.io resources: 
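Review bot: With the new `$tag` handling, an empty `operator.image.tag` produces an image reference with no tag at all. If `$imageDigest` is also empty (the `cilium.operator.imageDigestName` helper is not visible here), the rendered reference has neither tag nor digest and the runtime will resolve it to a floating default. A guard before the `printf` would make that an explicit render error, for example `{{- if and (not .Values.operator.image.tag) (not $imageDigest) }}{{ fail "operator.image requires a tag or a digest" }}{{- end }}`. The enclosing `define` starts and ends outside this hunk.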
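Review bot: The widened condition `or .Values.ingressController.enabled .Values.gatewayAPI.enabled .Values.bgpControlPlane.enabled $secretSyncEnabled` adds `secrets` to a ClusterRole rule, so enabling the BGP control plane alone now gives the operator cluster-wide access to Secrets with this rule's verbs. Those verbs fall outside the hunk and are presumably read-only. The chart already carries a dedicated `bgp-secrets-namespace` setting, so if the operator only needs BGP secrets from that namespace, a namespaced Role like the ingress and gateway ones would be the narrower grant. If cluster-wide access is required, a comment above the condition should say which feature needs it, for example `# secrets: read cluster-wide for ingress/gateway TLS, BGP auth and policy secret sync`.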
@@ -242,6 +253,7 @@ rules: - ciliumbgppeeringpolicies - ciliumbgpclusterconfigs - ciliumbgpnodeconfigoverrides + - ciliumbgppeerconfigs verbs: - get - list @@ -333,6 +345,13 @@ rules: {{- end }} {{- end }} {{- if .Values.clustermesh.enableMCSAPISupport }} +- apiGroups: + - multicluster.x-k8s.io + resources: + - serviceimports/status + verbs: + - update + - patch - apiGroups: - multicluster.x-k8s.io resources: @@ -341,6 +360,13 @@ rules: - get - list - watch +- apiGroups: + - multicluster.x-k8s.io + resources: + - serviceexports/status + verbs: + - update + - patch - apiGroups: - "" resources: diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrolebinding.yaml index 1f32800b..a1bed2d0 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/clusterrolebinding.yaml @@ -9,6 +9,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -16,5 +19,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.operator.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/dashboards-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/dashboards-configmap.yaml index c4b90a27..5b68b261 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/dashboards-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/dashboards-configmap.yaml 
@@ -7,11 +7,14 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ $dashboardName | trunc 63 | trimSuffix "-" }} - namespace: {{ $.Values.operator.dashboards.namespace | default $.Release.Namespace }} + namespace: {{ $.Values.operator.dashboards.namespace | default (include "cilium.namespace" $) }} labels: k8s-app: cilium app.kubernetes.io/name: cilium-operator app.kubernetes.io/part-of: cilium + {{- with $.Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if $.Values.operator.dashboards.label }} {{ $.Values.operator.dashboards.label }}: {{ ternary $.Values.operator.dashboards.labelValue "1" (not (empty $.Values.operator.dashboards.labelValue)) | quote }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/deployment.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/deployment.yaml index 627a63ce..e0fe3115 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/deployment.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/deployment.yaml @@ -4,7 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: cilium-operator - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.operator.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -14,6 +14,9 @@ metadata: name: cilium-operator app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-operator + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: # See docs on ServerCapabilities.LeasesResourceLock in file pkg/k8s/version/version.go # for more details. @@ -57,6 +60,9 @@ spec: name: cilium-operator app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-operator + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.operator.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -92,7 +98,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- if .Values.clustermesh.enableEndpointSliceSynchronization }} + {{- if or .Values.clustermesh.enableEndpointSliceSynchronization .Values.clustermesh.enableMCSAPISupport }} - name: CILIUM_CLUSTERMESH_CONFIG value: /var/lib/cilium/clustermesh/ {{- end }} @@ -215,7 +221,7 @@ spec: readOnly: true {{- end }} {{- end }} - {{- if .Values.clustermesh.enableEndpointSliceSynchronization }} + {{- if or .Values.clustermesh.enableEndpointSliceSynchronization .Values.clustermesh.enableMCSAPISupport }} - name: clustermesh-secrets mountPath: /var/lib/cilium/clustermesh readOnly: true @@ -238,11 +244,6 @@ spec: mountPropagation: {{ .mountPropagation }} {{- end }} {{- end }} - {{- if .Values.bgp.enabled }} - - name: bgp-config-path - mountPath: /var/lib/cilium/bgp - readOnly: true - {{- end }} {{- with .Values.operator.extraVolumeMounts }} {{- toYaml . | nindent 8 }} {{- end }} @@ -285,7 +286,7 @@ spec: nodeSelector: {{- toYaml . | trim | nindent 8 }} {{- end }} - {{- if and .Values.clustermesh.enableEndpointSliceSynchronization .Values.clustermesh.config.enabled (not (and .Values.clustermesh.useAPIServer .Values.clustermesh.apiserver.kvstoremesh.enabled )) }} + {{- if and (or .Values.clustermesh.enableEndpointSliceSynchronization .Values.clustermesh.enableMCSAPISupport) .Values.clustermesh.config.enabled (not (and .Values.clustermesh.useAPIServer .Values.clustermesh.apiserver.kvstoremesh.enabled )) }} hostAliases: {{- range $cluster := .Values.clustermesh.config.clusters }} {{- range $ip := $cluster.ips }} @@ -337,11 +338,6 @@ spec: type: {{ .hostPathType }} {{- end }} {{- end }} - {{- if .Values.bgp.enabled }} - - name: bgp-config-path - configMap: - name: bgp-config - {{- end }} {{- if .Values.authentication.mutual.spire.enabled }} - name: spire-agent-socket hostPath: 
@@ -351,7 +347,7 @@ spec: {{- with .Values.operator.extraVolumes }} {{- toYaml . | nindent 6 }} {{- end }} - {{- if .Values.clustermesh.enableEndpointSliceSynchronization }} + {{- if or .Values.clustermesh.enableEndpointSliceSynchronization .Values.clustermesh.enableMCSAPISupport }} # To read the clustermesh configuration - name: clustermesh-secrets projected: diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml index 05b25104..74d29b43 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: cilium-operator - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.operator.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -14,6 +14,9 @@ metadata: name: cilium-operator app.kubernetes.io/name: cilium-operator app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- with $component.maxUnavailable }} maxUnavailable: {{ . }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml index 20101b02..83d42480 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml 
@@ -1,3 +1,5 @@ +{{- $secretSyncEnabled := eq (include "secretSyncEnabled" .) "true" -}} + {{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create .Values.ingressController.enabled .Values.ingressController.secretsNamespace.sync .Values.ingressController.secretsNamespace.name }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -11,6 +13,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} rules: - apiGroups: - "" @@ -47,3 +52,28 @@ rules: - update - patch {{- end }} + +{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create $secretSyncEnabled .Values.tls.secretsNamespace.name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cilium-operator-tlsinterception-secrets + namespace: {{ .Values.tls.secretsNamespace.name | quote }} + {{- with .Values.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/part-of: cilium +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - update + - patch +{{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml index 8d8f73d8..8e866e59 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml @@ -1,3 +1,5 @@ +{{- $secretSyncEnabled := eq (include "secretSyncEnabled" .) "true" -}} + {{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create .Values.ingressController.enabled .Values.ingressController.secretsNamespace.sync .Values.ingressController.secretsNamespace.name }} --- apiVersion: rbac.authorization.k8s.io/v1 
@@ -5,6 +7,10 @@ kind: RoleBinding metadata: name: cilium-operator-ingress-secrets namespace: {{ .Values.ingressController.secretsNamespace.name | quote }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.operator.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -18,7 +24,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.operator.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end }} {{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create .Values.gatewayAPI.enabled .Values.gatewayAPI.secretsNamespace.sync .Values.gatewayAPI.secretsNamespace.name }} @@ -39,6 +45,29 @@ roleRef: kind: Role name: cilium-operator-gateway-secrets subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccounts.operator.name | quote }} + namespace: {{ include "cilium.namespace" . }} +{{- end }} + +{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create $secretSyncEnabled .Values.tls.secretsNamespace.name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cilium-operator-tlsinterception-secrets + namespace: {{ .Values.tls.secretsNamespace.name | quote }} + {{- with .Values.operator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/part-of: cilium +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cilium-operator-tlsinterception-secrets +subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.operator.name | quote }} namespace: {{ .Release.Namespace }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/secret.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/secret.yaml index 31e917ec..4ac55d7a 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/secret.yaml 
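Review bot: The subject of the new `cilium-operator-tlsinterception-secrets` RoleBinding (hunk `@@ -39,6 +45,29 @@` of rolebinding.yaml) ends on the unchanged context line `namespace: {{ .Release.Namespace }}`, while the ingress and gateway subjects in this file now use `{{ include "cilium.namespace" . }}`. serviceaccount.yaml in this commit creates the operator ServiceAccount in `cilium.namespace`. The helper's definition is not visible here, but if it can ever resolve to something other than the release namespace, this binding would grant secret write access in the TLS secrets namespace to a ServiceAccount name the chart does not manage, and the real operator would be left without it. Change that last subject line to `namespace: {{ include "cilium.namespace" . }}`. The new RoleBinding also omits the `commonLabels` block that the ingress RoleBinding gets in the `@@ -5,6 +7,10 @@` hunk.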
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/secret.yaml @@ -4,11 +4,15 @@ apiVersion: v1 kind: Secret metadata: name: cilium-azure - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.operator.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} type: Opaque data: AZURE_CLIENT_ID: {{ default "" .Values.azure.clientID | b64enc | quote }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/service.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/service.yaml index 8c201099..da4c88c2 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/service.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/service.yaml @@ -1,9 +1,9 @@ -{{- if and .Values.operator.enabled .Values.operator.prometheus.enabled .Values.operator.prometheus.serviceMonitor.enabled }} +{{- if and .Values.operator.enabled .Values.operator.prometheus.enabled (or .Values.operator.prometheus.serviceMonitor.enabled .Values.operator.prometheus.metricsService) }} kind: Service apiVersion: v1 metadata: name: cilium-operator - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.operator.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -13,6 +13,9 @@ metadata: name: cilium-operator app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-operator + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: clusterIP: None type: ClusterIP diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/serviceaccount.yaml index b083907e..e75a528d 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/serviceaccount.yaml 
+++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/serviceaccount.yaml @@ -7,7 +7,11 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccounts.operator.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- if or .Values.serviceAccounts.operator.annotations .Values.operator.annotations }} annotations: {{- with .Values.operator.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/servicemonitor.yaml index 742993b8..c73b49da 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/servicemonitor.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/servicemonitor.yaml @@ -3,10 +3,13 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: cilium-operator - namespace: {{ .Values.operator.prometheus.serviceMonitor.namespace | default .Release.Namespace }} + namespace: {{ .Values.operator.prometheus.serviceMonitor.namespace | default (include "cilium.namespace" .) }} labels: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-operator + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.operator.prometheus.serviceMonitor.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -26,7 +29,7 @@ spec: name: cilium-operator namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "cilium.namespace" . }} endpoints: - port: metrics interval: {{ .Values.operator.prometheus.serviceMonitor.interval | quote }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrole.yaml index bb9b686e..9a2c0615 100644 
--- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrole.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrole.yaml @@ -1,3 +1,5 @@ +{{- $readSecretsOnlyFromSecretsNamespace := eq (include "readSecretsOnlyFromSecretsNamespace" .) "true" -}} + {{- if and .Values.preflight.enabled .Values.rbac.create }} {{- /* Keep file in sync with cilium-agent/clusterrole.yaml @@ -12,6 +14,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} rules: - apiGroups: - networking.k8s.io @@ -82,7 +87,7 @@ rules: # until we figure out how to avoid "get" inside the preflight, and then # should be removed ideally. - get -{{- if eq "k8s" .Values.tls.secretsBackend }} +{{- if $readSecretsOnlyFromSecretsNamespace }} - apiGroups: - "" resources: diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrolebinding.yaml index 5b60e519..93827895 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/clusterrolebinding.yaml @@ -9,6 +9,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -16,5 +19,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.preflight.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/daemonset.yaml index 51cfe1ae..0e793cfa 100644 
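Review bot: In the `@@ -82,7 +87,7 @@` hunk of the preflight clusterrole.yaml, the rule that used to render for `eq "k8s" .Values.tls.secretsBackend` now renders when `$readSecretsOnlyFromSecretsNamespace` is true, which reads backwards for a grant in a ClusterRole. The rule body is cut off after `resources:` and the `readSecretsOnlyFromSecretsNamespace` helper is not part of this section, so this is inferred. If the guarded rule is a cluster-scoped read on secrets, it would be granted exactly when reads are supposed to be confined to the secrets namespace. Please compare with cilium-agent/clusterrole.yaml, which the file's header comment says to keep in sync, and use `{{- if not $readSecretsOnlyFromSecretsNamespace }}` here if that is the form the agent template uses.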
--- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/daemonset.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/daemonset.yaml @@ -3,8 +3,12 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: cilium-pre-flight-check - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.preflight.annotations }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} annotations: {{- toYaml . | nindent 4 }} {{- end }} @@ -24,6 +28,9 @@ spec: k8s-app: cilium-pre-flight-check app.kubernetes.io/name: cilium-pre-flight-check kubernetes.io/cluster-service: "true" + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.preflight.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -209,8 +216,8 @@ spec: defaultMode: 0400 optional: true {{- end }} + {{- end }} {{- with .Values.preflight.extraVolumes }} {{- toYaml . | nindent 6 }} {{- end }} - {{- end }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/deployment.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/deployment.yaml index 32c169b4..26c7f063 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/deployment.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: cilium-pre-flight-check - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.preflight.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -11,6 +11,9 @@ metadata: labels: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-pre-flight-check + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: 
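Review bot: In the `@@ -3,8 +3,12 @@` hunk of the preflight daemonset.yaml, the `commonLabels` block is inserted inside `{{- with .Values.preflight.annotations }}`, between that line and `annotations:`. Inside that `with`, `.` is the annotations map rather than the chart root, so `.Values.commonLabels` does not refer to the chart values there. The labels are also skipped whenever no annotations are set, and rendering with annotations set may fail outright depending on how the lookup on the map is evaluated. Move the three-line block above the `with` line, as the ServiceAccount templates in this commit do, or at minimum write `{{- with $.Values.commonLabels }}`. The same placement appears in the `@@ -4,8 +4,12 @@` hunk of clustermesh-apiserver/tls-certmanager/server-secret.yaml.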
@@ -27,6 +30,9 @@ spec: k8s-app: cilium-pre-flight-check-deployment kubernetes.io/cluster-service: "true" app.kubernetes.io/name: cilium-pre-flight-check + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.preflight.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml index c00d9b89..be41a74c 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: cilium-pre-flight-check - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.preflight.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -14,6 +14,9 @@ metadata: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-pre-flight-check kubernetes.io/cluster-service: "true" + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- with $component.maxUnavailable }} maxUnavailable: {{ . }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-preflight/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/cilium-preflight/serviceaccount.yaml index b64a3296..dd5a6911 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/serviceaccount.yaml 
@@ -3,7 +3,11 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccounts.preflight.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- if or .Values.serviceAccounts.preflight.annotations .Values.preflight.annotations }} annotations: {{- with .Values.preflight.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-resource-quota.yaml b/packages/system/cilium/charts/cilium/templates/cilium-resource-quota.yaml index a9856967..5647652c 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-resource-quota.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-resource-quota.yaml @@ -1,10 +1,10 @@ -{{- if or .Values.resourceQuotas.enabled (and (ne .Release.Namespace "kube-system") .Values.gke.enabled) }} +{{- if or .Values.resourceQuotas.enabled (and (ne (include "cilium.namespace" .) "kube-system") .Values.gke.enabled) }} {{- if .Values.agent }} apiVersion: v1 kind: ResourceQuota metadata: name: cilium-resource-quota - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} spec: hard: pods: {{ .Values.resourceQuotas.cilium.hard.pods | quote }} @@ -21,7 +21,12 @@ apiVersion: v1 kind: ResourceQuota metadata: name: cilium-operator-resource-quota - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + labels: + app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: hard: pods: {{ .Values.resourceQuotas.operator.hard.pods | quote }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-secrets-namespace.yaml b/packages/system/cilium/charts/cilium/templates/cilium-secrets-namespace.yaml index d99967fa..7be62461 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-secrets-namespace.yaml 
+++ b/packages/system/cilium/charts/cilium/templates/cilium-secrets-namespace.yaml @@ -5,10 +5,19 @@ {{- end -}} {{- end -}} +{{- if and .Values.tls.secretsNamespace.create .Values.tls.secretsNamespace.name -}} +{{- $_ := set $secretNamespaces .Values.tls.secretsNamespace.name 1 -}} +{{- end -}} + {{- range $name, $_ := $secretNamespaces }} --- apiVersion: v1 kind: Namespace metadata: name: {{ $name | quote }} + labels: + app.kubernetes.io/part-of: cilium + {{- with $.Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end}} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrole.yaml index 55d2505d..e7ebda95 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrole.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrole.yaml @@ -5,6 +5,9 @@ metadata: name: clustermesh-apiserver labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -53,6 +56,7 @@ rules: resources: - customresourcedefinitions verbs: + - get - list - watch - apiGroups: @@ -73,4 +77,14 @@ rules: - get - list - watch +{{- if .Values.clustermesh.enableMCSAPISupport }} +- apiGroups: + - multicluster.x-k8s.io + resources: + - serviceexports + verbs: + - get + - list + - watch +{{- end }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrolebinding.yaml index 49b19097..ecd5fe31 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/clusterrolebinding.yaml 
@@ -5,6 +5,9 @@ metadata: name: clustermesh-apiserver labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -16,5 +19,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.clustermeshApiserver.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml index 6caee283..9450ea43 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml @@ -6,7 +6,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: clustermesh-apiserver - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -15,6 +15,9 @@ metadata: k8s-app: clustermesh-apiserver app.kubernetes.io/part-of: cilium app.kubernetes.io/name: clustermesh-apiserver + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.clustermesh.apiserver.replicas }} selector: @@ -34,6 +37,9 @@ spec: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: clustermesh-apiserver k8s-app: clustermesh-apiserver + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.clustermesh.apiserver.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -192,6 +198,9 @@ spec: - --prometheus-serve-addr=:{{ .Values.clustermesh.apiserver.metrics.port }} - --controller-group-metrics=all {{- end }} + {{- if .Values.clustermesh.enableMCSAPISupport }} + - --clustermesh-enable-mcs-api + {{- end }} {{- with .Values.clustermesh.apiserver.extraArgs }} {{- toYaml . | trim | nindent 8 }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/metrics-service.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/metrics-service.yaml index 0781af1e..915b3165 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/metrics-service.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/metrics-service.yaml @@ -6,7 +6,7 @@ apiVersion: v1 kind: Service metadata: name: clustermesh-apiserver-metrics - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -16,6 +16,10 @@ metadata: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: clustermesh-apiserver app.kubernetes.io/component: metrics + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + spec: clusterIP: None type: ClusterIP diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml index a5d30b7b..491b075d 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: clustermesh-apiserver - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} 
@@ -13,6 +13,10 @@ metadata: k8s-app: clustermesh-apiserver app.kubernetes.io/part-of: cilium app.kubernetes.io/name: clustermesh-apiserver + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + spec: {{- with $component.maxUnavailable }} maxUnavailable: {{ . }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/service.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/service.yaml index 76c33ff1..fa7b193c 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/service.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/service.yaml @@ -3,11 +3,15 @@ apiVersion: v1 kind: Service metadata: name: clustermesh-apiserver - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} labels: k8s-app: clustermesh-apiserver app.kubernetes.io/part-of: cilium app.kubernetes.io/name: clustermesh-apiserver + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.clustermesh.apiserver.service.annotations .Values.clustermesh.annotations }} annotations: {{- with .Values.clustermesh.annotations }} @@ -32,6 +36,10 @@ spec: {{- if and (eq "LoadBalancer" .Values.clustermesh.apiserver.service.type) .Values.clustermesh.apiserver.service.loadBalancerIP }} loadBalancerIP: {{ .Values.clustermesh.apiserver.service.loadBalancerIP }} {{- end }} + {{- if and (eq "LoadBalancer" .Values.clustermesh.apiserver.service.type) .Values.clustermesh.apiserver.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.clustermesh.apiserver.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} {{- if .Values.clustermesh.apiserver.service.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.clustermesh.apiserver.service.externalTrafficPolicy }} {{- end }} 
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/serviceaccount.yaml index 0c8992ba..2df6aa87 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/serviceaccount.yaml @@ -3,7 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccounts.clustermeshApiserver.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccounts.clustermeshApiserver.annotations .Values.clustermesh.annotations }} annotations: {{- with .Values.clustermesh.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/servicemonitor.yaml index 8ecf150b..800d79f7 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/servicemonitor.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/servicemonitor.yaml @@ -8,9 +8,12 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: clustermesh-apiserver - namespace: {{ .Values.clustermesh.apiserver.metrics.serviceMonitor.namespace | default .Release.Namespace }} + namespace: {{ .Values.clustermesh.apiserver.metrics.serviceMonitor.namespace | default (include "cilium.namespace" .) }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.apiserver.metrics.serviceMonitor.labels }} {{- toYaml . | nindent 4 }} {{- end }} 
@@ -30,7 +33,7 @@ spec: app.kubernetes.io/component: metrics namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "cilium.namespace" . }} endpoints: {{- if .Values.clustermesh.apiserver.metrics.enabled }} - port: apiserv-metrics diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/admin-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/admin-secret.yaml index dbf313a5..974ebfa8 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/admin-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/admin-secret.yaml @@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: clustermesh-apiserver-admin-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/client-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/client-secret.yaml index f290fe8e..0b33c852 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/client-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/client-secret.yaml @@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: clustermesh-apiserver-client-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/local-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/local-secret.yaml index 8ec9fa53..d38e8195 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/local-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/local-secret.yaml @@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: clustermesh-apiserver-local-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/remote-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/remote-secret.yaml index 06bb8bd2..47cb29ff 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/remote-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/remote-secret.yaml @@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: clustermesh-apiserver-remote-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/server-secret.yaml index f7cfd7ad..8e94d1fe 100644 
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-certmanager/server-secret.yaml @@ -4,8 +4,12 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: clustermesh-apiserver-server-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.clustermesh.annotations }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} annotations: {{- toYaml . | nindent 4 }} {{- end }} @@ -17,7 +21,7 @@ spec: dnsNames: - clustermesh-apiserver.cilium.io - "*.mesh.cilium.io" - - "clustermesh-apiserver.{{ .Release.Namespace }}.svc" + - "clustermesh-apiserver.{{ include "cilium.namespace" . }}.svc" {{- range $dns := .Values.clustermesh.apiserver.tls.server.extraDnsNames }} - {{ $dns | quote }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/_job-spec.tpl b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/_job-spec.tpl index 52d859b1..a12d3256 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/_job-spec.tpl +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/_job-spec.tpl @@ -19,9 +19,9 @@ spec: {{- if .Values.debug.enabled }} - "--debug" {{- end }} - - "--ca-generate" + - "--ca-generate={{ .Values.certgen.generateCA }}" - "--ca-reuse-secret" - - "--ca-secret-namespace={{ .Release.Namespace }}" + - "--ca-secret-namespace={{ include "cilium.namespace" . }}" - "--ca-secret-name=cilium-ca" - "--ca-common-name=Cilium CA" env: 
@@ -29,12 +29,12 @@ spec: value: | certs: - name: clustermesh-apiserver-server-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} commonName: "clustermesh-apiserver.cilium.io" hosts: - "clustermesh-apiserver.cilium.io" - "*.mesh.cilium.io" - - "clustermesh-apiserver.{{ .Release.Namespace }}.svc" + - "clustermesh-apiserver.{{ include "cilium.namespace" . }}.svc" {{- range $dns := .Values.clustermesh.apiserver.tls.server.extraDnsNames }} - {{ $dns | quote }} {{- end }} @@ -49,7 +49,7 @@ spec: - server auth validity: {{ $certValidityStr }} - name: clustermesh-apiserver-admin-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} commonName: {{ include "clustermesh-apiserver-generate-certs.admin-common-name" . | quote }} usage: - signing @@ -58,7 +58,7 @@ spec: validity: {{ $certValidityStr }} {{- if .Values.clustermesh.useAPIServer }} - name: clustermesh-apiserver-remote-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} commonName: {{ include "clustermesh-apiserver-generate-certs.remote-common-name" . | quote }} usage: - signing @@ -68,7 +68,7 @@ spec: {{- end }} {{- if and .Values.clustermesh.useAPIServer .Values.clustermesh.apiserver.kvstoremesh.enabled }} - name: clustermesh-apiserver-local-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} commonName: {{ include "clustermesh-apiserver-generate-certs.local-common-name" . | quote }} usage: - signing @@ -78,7 +78,7 @@ spec: {{- end }} {{- if .Values.externalWorkloads.enabled }} - name: clustermesh-apiserver-client-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} commonName: "externalworkload" usage: - signing 
@@ -91,6 +91,13 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} hostNetwork: true + {{- with .Values.certgen.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.certgen.priorityClassName }} + priorityClassName: {{ .Values.certgen.priorityClassName }} + {{- end }} {{- with .Values.certgen.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml index 8c0e4cd5..4dfc8076 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml @@ -3,7 +3,7 @@ apiVersion: batch/v1 kind: CronJob metadata: name: clustermesh-apiserver-generate-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -11,6 +11,9 @@ metadata: labels: k8s-app: clustermesh-apiserver-generate-certs app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: schedule: {{ .Values.clustermesh.apiserver.tls.auto.schedule | quote }} concurrencyPolicy: Forbid diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/job.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/job.yaml index b6dd5bf1..d27a3150 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/job.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/job.yaml 
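Review bot: `priorityClassName: {{ .Values.certgen.priorityClassName }}` in the `@@ -91,6 +91,13 @@` hunk of `_job-spec.tpl` is rendered unquoted, unlike the other name-like values in these templates, which go through `| quote`. A value that YAML reads as a number, boolean or null would change type after templating, and the pod spec would then be rejected or end up with a different class than intended. Use `priorityClassName: {{ .Values.certgen.priorityClassName | quote }}`. This job runs with `hostNetwork: true` and writes the CA and clustermesh certificates, so scheduling fields such as this and the new `nodeSelector` are worth keeping strictly typed.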
@@ -4,9 +4,12 @@ apiVersion: batch/v1 kind: Job metadata: name: clustermesh-apiserver-generate-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} labels: k8s-app: clustermesh-apiserver-generate-certs + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} app.kubernetes.io/part-of: cilium annotations: "helm.sh/hook": post-install,post-upgrade diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/role.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/role.yaml index a3a9f089..e8e8b0ae 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/role.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/role.yaml @@ -3,13 +3,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: clustermesh-apiserver-generate-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} rules: - apiGroups: - "" diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/rolebinding.yaml index 4e67e047..28f36797 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/rolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/rolebinding.yaml 
@@ -3,13 +3,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: clustermesh-apiserver-generate-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -17,5 +20,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.clustermeshcertgen.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/serviceaccount.yaml index 8dfaf52c..1a8c3ea1 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/serviceaccount.yaml @@ -3,7 +3,11 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccounts.clustermeshcertgen.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- if or .Values.serviceAccounts.clustermeshcertgen.annotations .Values.clustermesh.annotations }} annotations: {{- with .Values.serviceAccounts.clustermeshcertgen.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/admin-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/admin-secret.yaml index 59b5b51c..a35f7cdc 100644 
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/admin-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/admin-secret.yaml @@ -7,7 +7,11 @@ apiVersion: v1 kind: Secret metadata: name: clustermesh-apiserver-admin-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/client-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/client-secret.yaml index 85137111..220e9d3d 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/client-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/client-secret.yaml @@ -7,7 +7,11 @@ apiVersion: v1 kind: Secret metadata: name: clustermesh-apiserver-client-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/local-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/local-secret.yaml index 716ab816..4efc252d 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/local-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/local-secret.yaml 
@@ -7,7 +7,11 @@ apiVersion: v1 kind: Secret metadata: name: clustermesh-apiserver-local-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/remote-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/remote-secret.yaml index 7bfb1c5a..04175f7a 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/remote-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/remote-secret.yaml @@ -7,7 +7,11 @@ apiVersion: v1 kind: Secret metadata: name: clustermesh-apiserver-remote-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/server-secret.yaml index f958f353..53c895fa 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-helm/server-secret.yaml 
@@ -2,14 +2,18 @@ {{- $_ := include "cilium.ca.setup" . -}} {{- $cn := "clustermesh-apiserver.cilium.io" }} {{- $ip := concat (list "127.0.0.1" "::1") .Values.clustermesh.apiserver.tls.server.extraIpAddresses }} -{{- $dns := concat (list $cn "*.mesh.cilium.io" (printf "clustermesh-apiserver.%s.svc" .Release.Namespace)) .Values.clustermesh.apiserver.tls.server.extraDnsNames }} +{{- $dns := concat (list $cn "*.mesh.cilium.io" (printf "clustermesh-apiserver.%s.svc" (include "cilium.namespace" .))) .Values.clustermesh.apiserver.tls.server.extraDnsNames }} {{- $cert := genSignedCert $cn $ip $dns (.Values.clustermesh.apiserver.tls.auto.certValidityDuration | int) .commonCA -}} --- apiVersion: v1 kind: Secret metadata: name: clustermesh-apiserver-server-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/admin-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/admin-secret.yaml index 68c45451..91955979 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/admin-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/admin-secret.yaml @@ -4,7 +4,11 @@ apiVersion: v1 kind: Secret metadata: name: clustermesh-apiserver-admin-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/client-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/client-secret.yaml index f48d6604..92c977cc 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/client-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/client-secret.yaml @@ -4,8 +4,12 @@ apiVersion: v1 kind: Secret metadata: name: clustermesh-apiserver-client-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.clustermesh.annotations }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} annotations: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/remote-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/remote-secret.yaml index 3e6f21f1..62173a1f 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/remote-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/remote-secret.yaml @@ -4,7 +4,11 @@ apiVersion: v1 kind: Secret metadata: name: clustermesh-apiserver-remote-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/server-secret.yaml index 5af1b9bd..231178ca 100644 
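Review bot: In tls-provided/client-secret.yaml the added `{{- with .Values.commonLabels }}` block lands inside the already-open `{{- with .Values.clustermesh.annotations }}`, ahead of `annotations:`. The sibling admin, remote and server secrets place it before that `with`. As written, labels are emitted only when clustermesh annotations are set. Inside that scope `.` is the annotations map, so `.Values.commonLabels` no longer refers to the chart values and will likely fail to render or produce nothing. Move the four added lines up so they sit directly after `namespace: {{ include "cilium.namespace" . }}` and before `{{- with .Values.clustermesh.annotations }}`, matching the other tls-provided secrets.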
--- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/tls-provided/server-secret.yaml @@ -4,7 +4,11 @@ apiVersion: v1 kind: Secret metadata: name: clustermesh-apiserver-server-cert - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/users-configmap.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/users-configmap.yaml index ab42ad06..56572bb2 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/users-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/users-configmap.yaml @@ -7,20 +7,20 @@ apiVersion: v1 kind: ConfigMap metadata: name: clustermesh-remote-users - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + data: users.yaml: | users: - {{- if .Values.clustermesh.apiserver.kvstoremesh.enabled }} - - name: remote-{{ .Values.cluster.name }} - role: remote - {{- end }} {{- range .Values.clustermesh.config.clusters }} - name: remote-{{ .name }} role: remote diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-config/_helpers.tpl b/packages/system/cilium/charts/cilium/templates/clustermesh-config/_helpers.tpl index 5cd31486..3529f066 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-config/_helpers.tpl 
+++ b/packages/system/cilium/charts/cilium/templates/clustermesh-config/_helpers.tpl @@ -3,7 +3,13 @@ {{- $domain := index . 1 -}} {{- $override := index . 2 -}} {{- /* The parenthesis around $cluster.tls are required, since it can be null: https://stackoverflow.com/a/68807258 */}} -{{- $prefix := ternary "common-" (printf "%s." $cluster.name) (or (ne $override "") (empty ($cluster.tls).cert) (empty ($cluster.tls).key)) -}} +{{- $prefix := ternary "common-" (printf "%s." $cluster.name) (or (empty ($cluster.tls).cert) (empty ($cluster.tls).key)) -}} +{{- /* KVStoreMesh is enabled, and we are generating the secret used by Cilium agents. */}} +{{- /* In other words, we want to connect to KVStoreMesh, opposed to the etcd instance */}} +{{- /* in the remote cluster; hence we need to use the dedicated certificate and key. */}} +{{- if ne $override "" -}} +{{- $prefix = "local-" -}} +{{- end -}} endpoints: {{- if ne $override "" }} @@ -13,8 +19,11 @@ endpoints: {{- else }} - https://{{ $cluster.address | required "missing clustermesh.apiserver.config.clusters.address" }}:{{ $cluster.port }} {{- end }} -{{- if not (empty ($cluster.tls).caCert) }} -{{- /* The custom CA configuration takes effect only if a custom certificate and key are also set */}} +{{- if or (ne $override "") (not (empty ($cluster.tls).caCert)) }} +{{- /* The custom CA configuration takes effect only if a custom certificate and key are also set, */}} +{{- /* otherwise we may enter this branch, but the prefix is still set to common-. */}} +{{- /* Additionally, when KVStoreMesh is enabled, and we are generating the secret for the agents, */}} +{{- /* we want to always use the corresponding CA certificate, that is the one with local- prefix. */}} trusted-ca-file: /var/lib/cilium/clustermesh/{{ $prefix }}etcd-client-ca.crt {{- else }} trusted-ca-file: /var/lib/cilium/clustermesh/common-etcd-client-ca.crt 
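Review bot: When `$override` is non-empty the first hunk forces `$prefix` to `local-`, and the second hunk then points `trusted-ca-file` at `local-etcd-client-ca.crt` regardless of `$cluster.tls`, but the new comments do not say which secret supplies the `local-` files. The lines that consume `$prefix` for the client certificate and key are outside these hunks, so this is inferred. Presumably the files come from the `clustermesh-apiserver-local-cert` secret that other templates in this diff create under the same KVStoreMesh condition. I would add one comment line naming that source, e.g. `{{- /* local- files are expected from the clustermesh-apiserver-local-cert secret; it must also exist when TLS material is user-provided. */}}`. The user-provided TLS path should also be confirmed to create that secret, since the part of the diff visible here touches no `tls-provided/local-secret.yaml`.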
diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-config/clustermesh-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-config/clustermesh-secret.yaml index 78ddecd9..7f4f14b2 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-config/clustermesh-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-config/clustermesh-secret.yaml @@ -4,14 +4,19 @@ apiVersion: v1 kind: Secret metadata: name: cilium-clustermesh - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + data: {{- $kvstoremesh := and .Values.clustermesh.useAPIServer .Values.clustermesh.apiserver.kvstoremesh.enabled }} - {{- $override := ternary (printf "https://clustermesh-apiserver.%s.svc:2379" .Release.Namespace) "" $kvstoremesh }} + {{- $override := ternary (printf "https://clustermesh-apiserver.%s.svc:2379" (include "cilium.namespace" .)) "" $kvstoremesh }} {{- range .Values.clustermesh.config.clusters }} {{ .name }}: {{ include "clustermesh-config-generate-etcd-cfg" (list . $.Values.clustermesh.config.domain $override) | b64enc }} {{- /* The parenthesis around .tls are required, since it can be null: https://stackoverflow.com/a/68807258 */}} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-config/kvstoremesh-secret.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-config/kvstoremesh-secret.yaml index 91ae0320..e9b554ac 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-config/kvstoremesh-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-config/kvstoremesh-secret.yaml 
@@ -4,7 +4,12 @@ apiVersion: v1 kind: Secret metadata: name: cilium-kvstoremesh - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.clustermesh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/configmap.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/configmap.yaml index 81b4198c..26b6219a 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-relay/configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/configmap.yaml @@ -8,7 +8,12 @@ apiVersion: v1 kind: ConfigMap metadata: name: hubble-relay-config - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.relay.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -16,7 +21,7 @@ metadata: data: config.yaml: | cluster-name: {{ .Values.cluster.name }} - peer-service: "hubble-peer.{{ .Release.Namespace }}.svc.{{ .Values.hubble.peerService.clusterDomain }}.:{{ $peerSvcPort }}" + peer-service: "hubble-peer.{{ include "cilium.namespace" . }}.svc.{{ .Values.hubble.peerService.clusterDomain }}.:{{ $peerSvcPort }}" listen-address: {{ include "hubble-relay.config.listenAddress" . }} gops: {{ .Values.hubble.relay.gops.enabled }} gops-port: {{ .Values.hubble.relay.gops.port | quote }} @@ -28,7 +33,6 @@ data: {{- if .Values.hubble.relay.prometheus.enabled }} metrics-listen-address: ":{{ .Values.hubble.relay.prometheus.port }}" {{- end }} - dial-timeout: {{ .Values.hubble.relay.dialTimeout }} retry-timeout: {{ .Values.hubble.relay.retryTimeout }} sort-buffer-len-max: {{ .Values.hubble.relay.sortBufferLenMax }} sort-buffer-drain-timeout: {{ .Values.hubble.relay.sortBufferDrainTimeout }} 
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/deployment.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/deployment.yaml index 30d8d062..e7805c23 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-relay/deployment.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: hubble-relay - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.hubble.relay.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -12,6 +12,10 @@ metadata: k8s-app: hubble-relay app.kubernetes.io/name: hubble-relay app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + spec: replicas: {{ .Values.hubble.relay.replicas }} selector: @@ -39,6 +43,9 @@ spec: k8s-app: hubble-relay app.kubernetes.io/name: hubble-relay app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.hubble.relay.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/metrics-service.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/metrics-service.yaml index 1066c6c4..928d45cf 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-relay/metrics-service.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/metrics-service.yaml @@ -4,13 +4,18 @@ kind: Service apiVersion: v1 metadata: name: hubble-relay-metrics - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.hubble.relay.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: k8s-app: hubble-relay + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + spec: clusterIP: None type: ClusterIP 
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml index 6162cb81..b44cecfa 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: hubble-relay - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.hubble.relay.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -13,6 +13,10 @@ metadata: k8s-app: hubble-relay app.kubernetes.io/name: hubble-relay app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + spec: {{- with $component.maxUnavailable }} maxUnavailable: {{ . }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/service.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/service.yaml index 27a95519..db00b473 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-relay/service.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/service.yaml @@ -3,7 +3,7 @@ kind: Service apiVersion: v1 metadata: name: hubble-relay - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} annotations: {{- with .Values.hubble.relay.annotations }} {{- toYaml . | nindent 4 }} @@ -16,6 +16,10 @@ metadata: k8s-app: hubble-relay app.kubernetes.io/name: hubble-relay app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + spec: type: {{ .Values.hubble.relay.service.type | quote }} selector: 
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/serviceaccount.yaml index 081b896e..25d36ba4 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-relay/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/serviceaccount.yaml @@ -3,7 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccounts.relay.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccounts.relay.annotations .Values.hubble.relay.annotations }} annotations: {{- with .Values.hubble.relay.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble-relay/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/hubble-relay/servicemonitor.yaml index 4e41fdf3..b6b1733c 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-relay/servicemonitor.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-relay/servicemonitor.yaml @@ -3,8 +3,12 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: hubble-relay - namespace: {{ .Values.hubble.relay.prometheus.serviceMonitor.namespace | default .Release.Namespace }} + namespace: {{ .Values.hubble.relay.prometheus.serviceMonitor.namespace | default (include "cilium.namespace" .) }} labels: + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.relay.prometheus.serviceMonitor.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -23,7 +27,7 @@ spec: k8s-app: hubble-relay namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "cilium.namespace" . }} endpoints: - port: metrics interval: {{ .Values.hubble.relay.prometheus.serviceMonitor.interval | quote }} 
diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrole.yaml index 7efa4824..b8607bd9 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrole.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrole.yaml @@ -9,6 +9,10 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + rules: - apiGroups: - networking.k8s.io diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrolebinding.yaml index e25aeb17..55ee9ecc 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/clusterrolebinding.yaml @@ -9,6 +9,10 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -16,5 +20,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.ui.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/configmap.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/configmap.yaml index 8b5f0141..63a3da6c 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-ui/configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/configmap.yaml 
@@ -4,7 +4,12 @@ apiVersion: v1 kind: ConfigMap metadata: name: hubble-ui-nginx - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.ui.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/deployment.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/deployment.yaml index 66f3b088..c3b3dc5a 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-ui/deployment.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/deployment.yaml @@ -3,7 +3,7 @@ kind: Deployment apiVersion: apps/v1 metadata: name: hubble-ui - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.hubble.ui.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -12,6 +12,13 @@ metadata: k8s-app: hubble-ui app.kubernetes.io/name: hubble-ui app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + + {{- with .Values.hubble.ui.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.hubble.ui.replicas }} selector: @@ -35,6 +42,9 @@ spec: k8s-app: hubble-ui app.kubernetes.io/name: hubble-ui app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.hubble.ui.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/ingress.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/ingress.yaml index 348e281d..ab85ef5f 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-ui/ingress.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/ingress.yaml 
@@ -4,11 +4,15 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: hubble-ui - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} labels: k8s-app: hubble-ui app.kubernetes.io/name: hubble-ui app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.ui.ingress.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml index c23e3ad0..35402984 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: hubble-ui - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.hubble.ui.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -13,6 +13,10 @@ metadata: k8s-app: hubble-ui app.kubernetes.io/name: hubble-ui app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + spec: {{- with $component.maxUnavailable }} maxUnavailable: {{ . }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/service.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/service.yaml index a820b342..90b3b1b7 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-ui/service.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/service.yaml 
@@ -3,8 +3,9 @@ kind: Service apiVersion: v1 metadata: name: hubble-ui - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- if or .Values.hubble.ui.service.annotations .Values.hubble.ui.annotations }} + annotations: {{- with .Values.hubble.ui.annotations }} {{- toYaml . | nindent 4 }} @@ -17,6 +18,10 @@ metadata: k8s-app: hubble-ui app.kubernetes.io/name: hubble-ui app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + spec: type: {{ .Values.hubble.ui.service.type | quote }} selector: diff --git a/packages/system/cilium/charts/cilium/templates/hubble-ui/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/hubble-ui/serviceaccount.yaml index dc02ea2b..ac3d13ee 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble-ui/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble-ui/serviceaccount.yaml @@ -3,7 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccounts.ui.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccounts.ui.annotations .Values.hubble.ui.annotations }} annotations: {{- with .Values.hubble.ui.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/dashboards-configmap.yaml b/packages/system/cilium/charts/cilium/templates/hubble/dashboards-configmap.yaml index c668ebfd..2862a84d 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/dashboards-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/dashboards-configmap.yaml 
@@ -7,11 +7,16 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ $dashboardName | trunc 63 | trimSuffix "-" }} - namespace: {{ $.Values.hubble.metrics.dashboards.namespace | default $.Release.Namespace }} + namespace: {{ $.Values.hubble.metrics.dashboards.namespace | default (include "cilium.namespace" $) }} labels: k8s-app: hubble app.kubernetes.io/name: hubble app.kubernetes.io/part-of: cilium + + {{- with $.Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if $.Values.hubble.metrics.dashboards.label }} {{ $.Values.hubble.metrics.dashboards.label }}: {{ ternary $.Values.hubble.metrics.dashboards.labelValue "1" (not (empty $.Values.hubble.metrics.dashboards.labelValue)) | quote }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/metrics-service.yaml b/packages/system/cilium/charts/cilium/templates/hubble/metrics-service.yaml index ab5cfbab..c2488990 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/metrics-service.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/metrics-service.yaml @@ -1,13 +1,17 @@ -{{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled }} +{{- if and .Values.hubble.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) }} apiVersion: v1 kind: Service metadata: name: hubble-metrics - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} labels: k8s-app: hubble app.kubernetes.io/name: hubble app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: {{- with .Values.hubble.annotations }} {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/peer-service.yaml b/packages/system/cilium/charts/cilium/templates/hubble/peer-service.yaml index aec3f889..60aab5ae 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/peer-service.yaml 
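Review bot: The widened guard `(or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled)` on the hubble-metrics Service is not mirrored by the certificate templates in this diff. The certgen entry for `hubble-metrics-server-certs` in `_job-spec.tpl` is still wrapped in `{{- if and .Values.hubble.metrics.enabled .Values.hubble.metrics.tls.enabled }}`. If dynamic metrics are enabled while `hubble.metrics.enabled` is left empty, the Service would be created but, as far as these lines show, no server certificate would be generated for it, so `hubble.metrics.tls.enabled` could have no effect in that mode. I would use the same predicate in both places, e.g. `{{- if and (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) .Values.hubble.metrics.tls.enabled }}`. It is also worth confirming that `hubble.metrics.dynamic` is always defined, since a lookup through a missing map would presumably fail the render.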
+++ b/packages/system/cilium/charts/cilium/templates/hubble/peer-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: hubble-peer - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -12,6 +12,10 @@ metadata: k8s-app: cilium app.kubernetes.io/part-of: cilium app.kubernetes.io/name: hubble-peer + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + spec: selector: k8s-app: cilium diff --git a/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml index d1c3c3e5..1f4eccd5 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml @@ -3,9 +3,14 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: hubble - namespace: {{ .Values.prometheus.serviceMonitor.namespace | default .Release.Namespace }} + namespace: {{ .Values.prometheus.serviceMonitor.namespace | default (include "cilium.namespace" .) }} labels: app.kubernetes.io/part-of: cilium + + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.metrics.serviceMonitor.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -24,7 +29,7 @@ spec: k8s-app: hubble namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "cilium.namespace" . }} endpoints: - port: hubble-metrics interval: {{ .Values.hubble.metrics.serviceMonitor.interval | quote }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/metrics-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/metrics-server-secret.yaml index d4e263f1..36c47707 100644 
--- a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/metrics-server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/metrics-server-secret.yaml @@ -5,7 +5,12 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: hubble-metrics-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-client-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-client-secret.yaml index 373d6c54..7850b5ab 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-client-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-client-secret.yaml @@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: hubble-relay-client-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-server-secret.yaml index c33b912b..2b3eb778 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/relay-server-secret.yaml 
@@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: hubble-relay-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/server-secret.yaml index b34f27c5..394c221a 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/server-secret.yaml @@ -5,7 +5,12 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: hubble-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/ui-client-certs.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/ui-client-certs.yaml index 64ace187..0111834b 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/ui-client-certs.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-certmanager/ui-client-certs.yaml @@ -4,7 +4,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: hubble-ui-client-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/_job-spec.tpl b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/_job-spec.tpl index 7f47f21d..2b37bdc0 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/_job-spec.tpl +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/_job-spec.tpl @@ -30,9 +30,9 @@ spec: {{- if .Values.debug.enabled }} - "--debug" {{- end }} - - "--ca-generate" + - "--ca-generate={{ .Values.certgen.generateCA }}" - "--ca-reuse-secret" - - "--ca-secret-namespace={{ .Release.Namespace }}" + - "--ca-secret-namespace={{ include "cilium.namespace" . }}" - "--ca-secret-name=cilium-ca" - "--ca-common-name=Cilium CA" env: @@ -40,7 +40,7 @@ spec: value: | certs: - name: hubble-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} commonName: {{ list "*" (.Values.cluster.name | replace "." "-") "hubble-grpc.cilium.io" | join "." | quote }} hosts: - {{ list "*" (.Values.cluster.name | replace "." "-") "hubble-grpc.cilium.io" | join "." | quote }} @@ -58,7 +58,7 @@ spec: validity: {{ $certValidityStr }} {{- if .Values.hubble.relay.enabled }} - name: hubble-relay-client-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} commonName: "*.hubble-relay.cilium.io" hosts: - "*.hubble-relay.cilium.io" @@ -70,7 +70,7 @@ spec: {{- end }} {{- if and .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }} - name: hubble-relay-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} commonName: "*.hubble-relay.cilium.io" hosts: - "*.hubble-relay.cilium.io" 
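Review bot: `--ca-generate={{ .Values.certgen.generateCA }}` now takes the CA-generation switch straight from values with no type or presence check, while the argument list still passes `--ca-reuse-secret` and `--ca-secret-name=cilium-ca`. A values override that nulls or mistypes `certgen.generateCA` would render `--ca-generate=` or a non-boolean. Setting it to `false` presumably makes the job depend on a pre-provisioned `cilium-ca` secret in the target namespace, which is the trust root for the Hubble certificates listed below. I would validate it in validate.yaml with `{{- if not (kindIs "bool" .Values.certgen.generateCA) }}{{ fail "certgen.generateCA must be a boolean" }}{{- end }}` and add a template comment above the flag stating that `false` requires an existing CA secret. The container spec this argument list belongs to starts above the hunk.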
@@ -88,7 +88,7 @@ spec: {{- end }} {{- if and .Values.hubble.metrics.enabled .Values.hubble.metrics.tls.enabled }} - name: hubble-metrics-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} commonName: {{ list (.Values.cluster.name | replace "." "-") "hubble-metrics.cilium.io" | join "." }} | quote }} hosts: - {{ list (.Values.cluster.name | replace "." "-") "hubble-metrics.cilium.io" | join "." }} | quote }} @@ -106,7 +106,7 @@ spec: {{- end }} {{- if and .Values.hubble.ui.enabled .Values.hubble.relay.enabled .Values.hubble.relay.tls.server.enabled }} - name: hubble-ui-client-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} commonName: "*.hubble-ui.cilium.io" hosts: - "*.hubble-ui.cilium.io" @@ -116,11 +116,19 @@ spec: - client auth validity: {{ $certValidityStr }} {{- end }} + {{- include "certgen.config.extra" . | nindent 12 }} {{- with .Values.certgen.extraVolumeMounts }} volumeMounts: {{- toYaml . | nindent 10 }} {{- end }} hostNetwork: false + {{- with .Values.certgen.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.certgen.priorityClassName }} + priorityClassName: {{ .Values.certgen.priorityClassName }} + {{- end }} {{- with .Values.certgen.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml index 7d9f7174..697806c6 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml 
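Review bot: The `commonName` and `hosts` lines of the `hubble-metrics-server-certs` entry, which this hunk leaves untouched, close the template action too early: `... | join "." }} | quote }}` ends the action after `join "."` and leaves ` | quote }}` as literal text. The rendered certgen config would then carry a common name and SAN ending in that literal text instead of the quoted `<cluster>.hubble-metrics.cilium.io` name, so the metrics server certificate would not match the name clients verify against. Both lines should follow the `hubble-server-certs` entry earlier in the file, e.g. `commonName: {{ list (.Values.cluster.name | replace "." "-") "hubble-metrics.cilium.io" | join "." | quote }}`. Since the chart is pulled from upstream, the fix probably belongs in a post-pull patch or an upstream report rather than a hand edit.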
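Review bot: `priorityClassName: {{ .Values.certgen.priorityClassName }}` in this hunk writes a user-supplied string into the manifest unquoted, unlike the `| quote` used on other templated scalars in the chart. I would render it as `priorityClassName: {{ .Values.certgen.priorityClassName | quote }}`. The added `{{- include "certgen.config.extra" . | nindent 12 }}` appends helper output to the certgen config, and that helper is defined outside this hunk. A short template comment saying where it is defined and that it presumably adds further certificate entries would help anyone auditing which certificates the job issues. The pod spec continues beyond the hunk.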
@@ -3,11 +3,15 @@ apiVersion: batch/v1 kind: CronJob metadata: name: hubble-generate-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} labels: k8s-app: hubble-generate-certs app.kubernetes.io/name: hubble-generate-certs app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.certgen.annotations.cronJob .Values.hubble.annotations }} annotations: {{- with .Values.hubble.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/job.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/job.yaml index 9831fdc6..5e4e67ff 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/job.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/job.yaml @@ -4,11 +4,14 @@ apiVersion: batch/v1 kind: Job metadata: name: hubble-generate-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} labels: k8s-app: hubble-generate-certs app.kubernetes.io/name: hubble-generate-certs app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": post-install,post-upgrade {{- with .Values.certgen.annotations.job }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/role.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/role.yaml index 07a38b08..9cd40721 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/role.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/role.yaml 
@@ -3,13 +3,17 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: hubble-generate-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + rules: - apiGroups: - "" diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/rolebinding.yaml index fa56e469..4c3a88a3 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/rolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/rolebinding.yaml @@ -3,13 +3,17 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: hubble-generate-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -17,5 +21,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccounts.hubblecertgen.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/serviceaccount.yaml index 62a8de80..2324eb52 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-cronjob/serviceaccount.yaml 
@@ -3,7 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccounts.hubblecertgen.name | quote }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccounts.hubblecertgen.annotations .Values.hubble.annotations }} annotations: {{- with .Values.hubble.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/metrics-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/metrics-server-secret.yaml index e4e4a8b8..0cc13efa 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/metrics-server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/metrics-server-secret.yaml @@ -9,7 +9,12 @@ apiVersion: v1 kind: Secret metadata: name: hubble-metrics-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-client-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-client-secret.yaml index f266d9a0..f6ba3279 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-client-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-client-secret.yaml @@ -8,7 +8,12 @@ apiVersion: v1 kind: Secret metadata: name: hubble-relay-client-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-server-secret.yaml index 4a3e3ad1..986b3cac 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/relay-server-secret.yaml @@ -9,7 +9,12 @@ apiVersion: v1 kind: Secret metadata: name: hubble-relay-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/server-secret.yaml index 0f9b3343..a159240d 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/server-secret.yaml @@ -9,7 +9,12 @@ apiVersion: v1 kind: Secret metadata: name: hubble-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/ui-client-certs.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/ui-client-certs.yaml index ea5e6926..e1f62ead 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/ui-client-certs.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-helm/ui-client-certs.yaml 
@@ -8,7 +8,13 @@ apiVersion: v1 kind: Secret metadata: name: hubble-ui-client-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/metrics-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/metrics-server-secret.yaml index d902ae9b..8137aef3 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/metrics-server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/metrics-server-secret.yaml @@ -3,7 +3,13 @@ apiVersion: v1 kind: Secret metadata: name: hubble-metrics-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-client-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-client-secret.yaml index 28b540db..3030b2c7 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-client-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-client-secret.yaml @@ -3,7 +3,13 @@ apiVersion: v1 kind: Secret metadata: name: hubble-relay-client-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-server-secret.yaml index 187c781b..18aafb0e 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/relay-server-secret.yaml @@ -3,7 +3,13 @@ apiVersion: v1 kind: Secret metadata: name: hubble-relay-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/server-secret.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/server-secret.yaml index 9991f0c9..e5ddfa16 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/server-secret.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/server-secret.yaml @@ -3,7 +3,12 @@ apiVersion: v1 kind: Secret metadata: name: hubble-server-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/ui-client-certs.yaml b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/ui-client-certs.yaml index 6f0b45e2..ebaca8f7 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/ui-client-certs.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/tls-provided/ui-client-certs.yaml 
@@ -3,7 +3,13 @@ apiVersion: v1 kind: Secret metadata: name: hubble-ui-client-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "cilium.namespace" . }} + + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrole.yaml index 29300840..ec0c466a 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrole.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrole.yaml @@ -3,6 +3,11 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.authentication.mutual.spire.install.agent.serviceAccount.name }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.authentication.mutual.spire.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrolebinding.yaml index 02265a94..eb33c995 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/agent/clusterrolebinding.yaml @@ -4,6 +4,11 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.authentication.mutual.spire.install.agent.serviceAccount.name }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.authentication.mutual.spire.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/packages/system/cilium/charts/cilium/templates/spire/agent/configmap.yaml b/packages/system/cilium/charts/cilium/templates/spire/agent/configmap.yaml index 7d365ba6..2bd63bf8 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/agent/configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/agent/configmap.yaml @@ -4,6 +4,11 @@ kind: ConfigMap metadata: name: spire-agent namespace: {{ .Values.authentication.mutual.spire.install.namespace }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.authentication.mutual.spire.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/spire/agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/spire/agent/daemonset.yaml index d8c80d9e..cac60877 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/agent/daemonset.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/agent/daemonset.yaml @@ -15,6 +15,9 @@ metadata: {{- end }} labels: app: spire-agent + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.authentication.mutual.spire.install.agent.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -27,6 +30,9 @@ spec: namespace: {{ .Values.authentication.mutual.spire.install.namespace }} labels: app: spire-agent + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.authentication.mutual.spire.install.agent.labels }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -35,6 +41,7 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ .Values.authentication.mutual.spire.install.agent.serviceAccount.name }} + priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.authentication.mutual.spire.install.agent.priorityClassName "system-node-critical") }} {{- with .Values.authentication.mutual.spire.install.agent.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} @@ -81,6 +88,10 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP + {{- with .Values.authentication.mutual.spire.install.agent.resources }} + resources: + {{- toYaml . | trim | nindent 12 }} + {{- end }} livenessProbe: httpGet: path: /live diff --git a/packages/system/cilium/charts/cilium/templates/spire/agent/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/spire/agent/serviceaccount.yaml index 95f7e431..3abf0059 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/agent/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/agent/serviceaccount.yaml @@ -4,6 +4,10 @@ kind: ServiceAccount metadata: name: {{ .Values.authentication.mutual.spire.install.agent.serviceAccount.name }} namespace: {{ .Values.authentication.mutual.spire.install.namespace }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.authentication.mutual.spire.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/spire/bundle-configmap.yaml b/packages/system/cilium/charts/cilium/templates/spire/bundle-configmap.yaml index 389b8d58..c24b1630 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/bundle-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/bundle-configmap.yaml 
@@ -4,6 +4,10 @@ kind: ConfigMap metadata: name: spire-bundle namespace: {{ .Values.authentication.mutual.spire.install.namespace }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.authentication.mutual.spire.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/spire/namespace.yaml b/packages/system/cilium/charts/cilium/templates/spire/namespace.yaml index ccd38680..db203d79 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/namespace.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/namespace.yaml @@ -3,6 +3,10 @@ apiVersion: v1 kind: Namespace metadata: name: {{ .Values.authentication.mutual.spire.install.namespace }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.authentication.mutual.spire.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/clusterrole.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/clusterrole.yaml index f6d98545..fb84b7cf 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/server/clusterrole.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/server/clusterrole.yaml @@ -4,6 +4,10 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.authentication.mutual.spire.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/clusterrolebinding.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/clusterrolebinding.yaml index 750b07ac..fd5242ca 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/server/clusterrolebinding.yaml 
+++ b/packages/system/cilium/charts/cilium/templates/spire/server/clusterrolebinding.yaml @@ -3,6 +3,10 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.authentication.mutual.spire.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/configmap.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/configmap.yaml index d7347595..5deb8128 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/server/configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/server/configmap.yaml @@ -3,6 +3,10 @@ apiVersion: v1 kind: ConfigMap metadata: name: spire-server + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} namespace: {{ .Values.authentication.mutual.spire.install.namespace }} {{- with .Values.authentication.mutual.spire.annotations }} annotations: diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/role.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/role.yaml index 2d38fe14..1cb70be1 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/server/role.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/server/role.yaml @@ -4,6 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }} namespace: {{ .Values.authentication.mutual.spire.install.namespace }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.authentication.mutual.spire.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/rolebinding.yaml index 497bd60c..a8d9af94 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/server/rolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/server/rolebinding.yaml @@ -4,6 +4,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }} namespace: {{ .Values.authentication.mutual.spire.install.namespace }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.authentication.mutual.spire.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml index 32288a44..376bb628 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml @@ -4,6 +4,10 @@ kind: Service metadata: name: spire-server namespace: {{ .Values.authentication.mutual.spire.install.namespace }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- if or .Values.authentication.mutual.spire.install.server.service.annotations .Values.authentication.mutual.spire.annotations }} annotations: {{- with .Values.authentication.mutual.spire.annotations }} diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/serviceaccount.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/serviceaccount.yaml index cd365c89..2a62e6e1 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/server/serviceaccount.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/server/serviceaccount.yaml 
@@ -3,6 +3,10 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} namespace: {{ .Values.authentication.mutual.spire.install.namespace }} {{- with .Values.authentication.mutual.spire.annotations }} annotations: diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml index a47cbf5f..b515eadf 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml @@ -4,6 +4,10 @@ kind: StatefulSet metadata: name: spire-server namespace: {{ .Values.authentication.mutual.spire.install.namespace }} + {{- with .Values.commonLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- if or .Values.authentication.mutual.spire.install.server.annotations .Values.authentication.mutual.spire.annotations }} annotations: {{- with .Values.authentication.mutual.spire.annotations }} @@ -28,10 +32,14 @@ spec: metadata: labels: app: spire-server + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.authentication.mutual.spire.install.server.labels }} {{- toYaml . | nindent 8 }} {{- end }} spec: + priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.authentication.mutual.spire.install.server.priorityClassName "system-node-critical") }} serviceAccountName: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }} shareProcessNamespace: true {{- with .Values.authentication.mutual.spire.install.server.podSecurityContext }} 
@@ -65,6 +73,10 @@ spec: args: - -config - /run/spire/config/server.conf + {{- with .Values.authentication.mutual.spire.install.server.resources }} + resources: + {{- toYaml . | trim | nindent 10 }} + {{- end }} ports: - name: grpc containerPort: 8081 diff --git a/packages/system/cilium/charts/cilium/templates/validate.yaml b/packages/system/cilium/charts/cilium/templates/validate.yaml index 0b89b9ab..37da6cd6 100644 --- a/packages/system/cilium/charts/cilium/templates/validate.yaml +++ b/packages/system/cilium/charts/cilium/templates/validate.yaml @@ -139,13 +139,11 @@ {{- if eq .Values.cluster.name "" }} {{ fail "The cluster name is invalid: cannot be empty" }} {{- end }} -{{- if semverCompare ">=1.16" (default "1.16" .Values.upgradeCompatibility) }} {{- if gt (len .Values.cluster.name) 32 }} - {{ fail "The cluster name is invalid: must not be more than 32 characters. Configure 'upgradeCompatibility' to 1.15 or earlier to temporarily skip this check at your own risk" }} + {{ fail "The cluster name is invalid: must not be more than 32 characters" }} {{- end }} {{- if not (regexMatch "^([a-z0-9][-a-z0-9]*)?[a-z0-9]$" .Values.cluster.name) }} - {{ fail "The cluster name is invalid: must consist of lower case alphanumeric characters and '-', and must start and end with an alphanumeric character. Configure 'upgradeCompatibility' to 1.15 or earlier to temporarily skip this check at your own risk" }} -{{- end }} + {{ fail "The cluster name is invalid: must consist of lower case alphanumeric characters and '-', and must start and end with an alphanumeric character" }} {{- end }} {{- if and (eq .Values.cluster.name "default") (ne (int .Values.cluster.id) 0) }} {{ fail "The cluster name is invalid: cannot use default value with cluster.id != 0" }} 
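Review bot: The cluster-name checks in the templates/validate.yaml hunk (`@@ -139,13 +139,11 @@`) are now unconditional, so an install that set `upgradeCompatibility` below 1.16 to bypass them will fail at render time on upgrade. This applies to both the 32-character limit and the `^([a-z0-9][-a-z0-9]*)?[a-z0-9]$` pattern on `.Values.cluster.name`. The commit does not show which cluster names this package or its users set, so the risk cannot be ruled out from the hunk. I would check the shipped `cluster.name` values against both rules before rollout and mention the removed escape hatch in the upgrade notes. The surrounding validation block continues outside the hunk.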
@@ -159,7 +157,7 @@ {{/* validate clustermesh-apiserver */}} {{- if .Values.clustermesh.useAPIServer }} - {{- if ne .Values.identityAllocationMode "crd" }} + {{- if and (ne .Values.identityAllocationMode "crd") (ne .Values.identityAllocationMode "doublewrite-readkvstore") (ne .Values.identityAllocationMode "doublewrite-readcrd") }} {{ fail (printf "The clustermesh-apiserver cannot be enabled in combination with .Values.identityAllocationMode=%s. To establish a Cluster Mesh, directly configure the parameters to access the remote kvstore through .Values.clustermesh.config" .Values.identityAllocationMode ) }} {{- end }} {{- if .Values.disableEndpointCRD }} @@ -167,7 +165,7 @@ {{- end }} {{- end }} {{- if .Values.externalWorkloads.enabled }} - {{- if ne .Values.identityAllocationMode "crd" }} + {{- if and (ne .Values.identityAllocationMode "crd") (ne .Values.identityAllocationMode "doublewrite-readkvstore") (ne .Values.identityAllocationMode "doublewrite-readcrd") }} {{ fail (printf "External workloads support cannot be enabled in combination with .Values.identityAllocationMode=%s" .Values.identityAllocationMode ) }} {{- end }} {{- if .Values.disableEndpointCRD }} diff --git a/packages/system/cilium/charts/cilium/values.schema.json b/packages/system/cilium/charts/cilium/values.schema.json index 1a8fcb07..634e6fc8 100644 --- a/packages/system/cilium/charts/cilium/values.schema.json +++ b/packages/system/cilium/charts/cilium/values.schema.json @@ -152,6 +152,12 @@ "podSecurityContext": { "type": "object" }, + "priorityClassName": { + "type": "string" + }, + "resources": { + "type": "object" + }, "securityContext": { "type": "object" }, @@ -356,6 +362,12 @@ "podSecurityContext": { "type": "object" }, + "priorityClassName": { + "type": "string" + }, + "resources": { + "type": "object" + }, "securityContext": { "type": "object" }, 
@@ -443,25 +455,6 @@ }, "type": "object" }, - "bgp": { - "properties": { - "announce": { - "properties": { - "loadbalancerIP": { - "type": "boolean" - }, - "podCIDR": { - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, "bgpControlPlane": { "properties": { "enabled": { @@ -477,6 +470,14 @@ } }, "type": "object" + }, + "statusReport": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" } }, "type": "object" @@ -497,6 +498,9 @@ }, "type": "object" }, + "ctAccounting": { + "type": "boolean" + }, "ctAnyMax": { "type": [ "null", @@ -520,6 +524,17 @@ }, "events": { "properties": { + "default": { + "properties": { + "burstLimit": { + "type": "null" + }, + "rateLimit": { + "type": "null" + } + }, + "type": "object" + }, "drop": { "properties": { "enabled": { @@ -553,6 +568,9 @@ "boolean" ] }, + "lbAlgorithmAnnotation": { + "type": "boolean" + }, "lbExternalClusterIP": { "type": "boolean" }, @@ -562,6 +580,12 @@ "integer" ] }, + "lbModeAnnotation": { + "type": "boolean" + }, + "lbSourceRangeAllTypes": { + "type": "boolean" + }, "mapDynamicSizeRatio": { "type": [ "null", @@ -655,6 +679,9 @@ "items": {}, "type": "array" }, + "generateCA": { + "type": "boolean" + }, "image": { "properties": { "digest": { @@ -681,9 +708,15 @@ }, "type": "object" }, + "nodeSelector": { + "type": "object" + }, "podLabels": { "type": "object" }, + "priorityClassName": { + "type": "string" + }, "tolerations": { "items": {}, "type": "array" @@ -734,19 +767,6 @@ } } }, - { - "properties": { - "burst": { - "type": "integer" - }, - "limit": { - "type": "integer" - }, - "nodes": { - "type": "integer" - } - } - }, { "properties": { "burst": { @@ -763,6 +783,12 @@ ] }, "type": "array" + }, + "sliceMode": { + "enum": [ + "identity", + "fcfs" + ] } }, "type": "object" @@ -1224,6 +1250,10 @@ "string" ] }, + "loadBalancerSourceRanges": { + "items": {}, + "type": "array" + }, "nodePort": { "type": "integer" }, 
@@ -1448,6 +1478,12 @@ }, "type": "object" }, + "commonLabels": { + "type": [ + "null", + "object" + ] + }, "conntrackGCInterval": { "type": "string" }, @@ -1485,6 +1521,12 @@ "string" ] }, + "enableSourceIPVerification": { + "type": [ + "null", + "boolean" + ] + }, "runPath": { "type": "string" } @@ -1528,6 +1570,9 @@ }, "type": "object" }, + "defaultLBServiceIPAM": { + "type": "string" + }, "directRoutingSkipUnreachable": { "type": "boolean" }, @@ -1601,12 +1646,21 @@ "enableIPv6Masquerade": { "type": "boolean" }, + "enableInternalTrafficPolicy": { + "type": "boolean" + }, "enableK8sTerminatingEndpoint": { "type": "boolean" }, + "enableLBIPAM": { + "type": "boolean" + }, "enableMasqueradeRouteSource": { "type": "boolean" }, + "enableNonDefaultDenyPolicies": { + "type": "boolean" + }, "enableRuntimeDeviceDetection": { "type": "boolean" }, @@ -1668,9 +1722,6 @@ "properties": { "persistentKeepalive": { "type": "string" - }, - "userspaceFallback": { - "type": "boolean" } }, "type": "object" @@ -1686,6 +1737,9 @@ }, "type": "object" }, + "endpointLockdownOnMapOverflow": { + "type": "boolean" + }, "endpointRoutes": { "properties": { "enabled": { @@ -1866,6 +1920,12 @@ "baseID": { "type": "integer" }, + "bootstrapConfigMap": { + "type": [ + "null", + "string" + ] + }, "connectTimeoutSeconds": { "type": "integer" }, @@ -1924,6 +1984,9 @@ "healthPort": { "type": "integer" }, + "httpRetryCount": { + "type": "integer" + }, "idleTimeoutDurationSeconds": { "type": "integer" }, @@ -1975,8 +2038,35 @@ "integer" ] }, + "defaultLevel": { + "oneOf": [ + { + "type": "null" + }, + { + "enum": [ + "trace", + "debug", + "info", + "warning", + "error", + "critical", + "off" + ] + } + ] + }, "format": { - "type": "string" + "type": [ + "null", + "string" + ] + }, + "format_json": { + "type": [ + "null", + "object" + ] }, "path": { "type": "string" 
@@ -1984,6 +2074,9 @@ }, "type": "object" }, + "maxConcurrentRetries": { + "type": "integer" + }, "maxConnectionDurationSeconds": { "type": "integer" }, @@ -2362,6 +2455,9 @@ "global": { "type": "object" }, + "healthCheckICMPFailureThreshold": { + "type": "integer" + }, "healthChecking": { "type": "boolean" }, @@ -2534,6 +2630,51 @@ }, "type": "object" }, + "dynamic": { + "properties": { + "config": { + "properties": { + "configMapName": { + "type": "string" + }, + "content": { + "items": { + "anyOf": [ + { + "properties": { + "contextOptions": { + "items": {}, + "type": "array" + }, + "excludeFilters": { + "items": {}, + "type": "array" + }, + "includeFilters": { + "items": {}, + "type": "array" + }, + "name": { + "type": "string" + } + } + } + ] + }, + "type": "array" + }, + "createConfigMap": { + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, "enableOpenMetrics": { "type": "boolean" }, @@ -3297,6 +3438,9 @@ }, "type": "object" }, + "labels": { + "type": "object" + }, "nodeSelector": { "properties": { "kubernetes.io/os": { @@ -3630,9 +3774,15 @@ "ciliumNodeUpdateRate": { "type": "string" }, + "installUplinkRoutesForDelegatedIPAM": { + "type": "boolean" + }, "mode": { "type": "string" }, + "multiPoolPreAllocation": { + "type": "string" + }, "operator": { "properties": { "autoCreateCiliumPodIPPools": { @@ -3688,6 +3838,9 @@ }, "type": "object" }, + "iptablesRandomFully": { + "type": "boolean" + }, "ipv4": { "properties": { "enabled": { @@ -3729,6 +3882,23 @@ "integer" ] }, + "operator": { + "properties": { + "burst": { + "type": [ + "null", + "integer" + ] + }, + "qps": { + "type": [ + "null", + "integer" + ] + } + }, + "type": "object" + }, "qps": { "type": [ "null", 
@@ -3749,6 +3919,18 @@ "k8sServiceHost": { "type": "string" }, + "k8sServiceLookupConfigMapName": { + "type": [ + "null", + "string" + ] + }, + "k8sServiceLookupNamespace": { + "type": [ + "null", + "string" + ] + }, "k8sServicePort": { "type": [ "string", @@ -3816,6 +3998,9 @@ "acceleration": { "type": "string" }, + "experimental": { + "type": "boolean" + }, "l7": { "properties": { "algorithm": { @@ -3854,6 +4039,12 @@ "name": { "type": "string" }, + "namespaceOverride": { + "type": [ + "null", + "string" + ] + }, "nat": { "properties": { "mapStatsEntries": { @@ -4315,6 +4506,9 @@ "enabled": { "type": "boolean" }, + "metricsService": { + "type": "boolean" + }, "port": { "type": "integer" }, @@ -4694,6 +4888,9 @@ "array" ] }, + "metricsService": { + "type": "boolean" + }, "port": { "type": "integer" }, @@ -4818,6 +5015,17 @@ "routingMode": { "type": "string" }, + "scheduling": { + "properties": { + "mode": { + "enum": [ + "anti-affinity", + "kube-scheduler" + ] + } + }, + "type": "object" + }, "sctp": { "properties": { "enabled": { @@ -5197,8 +5405,39 @@ }, "type": "object" }, + "readSecretsOnlyFromSecretsNamespace": { + "type": [ + "null", + "boolean" + ] + }, + "secretSync": { + "properties": { + "enabled": { + "type": [ + "null", + "boolean" + ] + } + }, + "type": "object" + }, "secretsBackend": { - "type": "string" + "type": [ + "null", + "string" + ] + }, + "secretsNamespace": { + "properties": { + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object" } }, "type": "object" diff --git a/packages/system/cilium/charts/cilium/values.yaml b/packages/system/cilium/charts/cilium/values.yaml index 4f925d56..0668966f 100644 --- a/packages/system/cilium/charts/cilium/values.yaml +++ b/packages/system/cilium/charts/cilium/values.yaml 
@@ -2,6 +2,17 @@ # This file is based on install/kubernetes/cilium/*values.yaml.tmpl. +# @schema +# type: [null, string] +# @schema +# -- namespaceOverride allows to override the destination namespace for Cilium resources. +# This property allows to use Cilium as part of an Umbrella Chart with different targets. +namespaceOverride: "" +# @schema +# type: [null, object] +# @schema +# -- commonLabels allows users to add common labels for all Cilium resources. +commonLabels: {} # @schema # type: [null, string] # @schema 
@@ -36,35 +47,62 @@ rbac: imagePullSecrets: [] # - name: "image-pull-secret" +# -- Configure iptables--random-fully. Disabled by default. View https://github.com/cilium/cilium/issues/13037 for more information. +iptablesRandomFully: false # -- (string) Kubernetes config path # @default -- `"~/.kube/config"` kubeConfigPath: "" -# -- (string) Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap (kubeadm-based clusters only) +# -- (string) Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap k8sServiceHost: "" # @schema # type: [string, integer] # @schema # -- (string) Kubernetes service port k8sServicePort: "" -# -- Configure the client side rate limit for the agent and operator +# @schema +# type: [null, string] +# @schema +# -- (string) When `k8sServiceHost=auto`, allows to customize the configMap name. It defaults to `cluster-info`. +k8sServiceLookupConfigMapName: "" +# @schema +# type: [null, string] +# @schema +# -- (string) When `k8sServiceHost=auto`, allows to customize the namespace that contains `k8sServiceLookupConfigMapName`. It defaults to `kube-public`. +k8sServiceLookupNamespace: "" +# -- Configure the client side rate limit for the agent # # If the amount of requests to the Kubernetes API server exceeds the configured -# rate limit, the agent and operator will start to throttle requests by delaying +# rate limit, the agent will start to throttle requests by delaying # them until there is budget or the request times out. k8sClientRateLimit: # @schema # type: [null, integer] # @schema # -- (int) The sustained request rate in requests per second. - # @default -- 5 for k8s up to 1.26. 10 for k8s version 1.27+ + # @default -- 10 qps: # @schema # type: [null, integer] # @schema # -- (int) The burst request rate in requests per second. # The rate limiter will allow short bursts with a higher rate. - # @default -- 10 for k8s up to 1.26. 
20 for k8s version 1.27+ + # @default -- 20 burst: + # -- Configure the client side rate limit for the Cilium Operator + operator: + # @schema + # type: [null, integer] + # @schema + # -- (int) The sustained request rate in requests per second. + # @default -- 100 + qps: + # @schema + # type: [null, integer] + # @schema + # -- (int) The burst request rate in requests per second. + # The rate limiter will allow short bursts with a higher rate. + # @default -- 200 + burst: cluster: # -- Name of the cluster. Only required for Cluster Mesh and mutual authentication with SPIRE. # It must respect the following constraints: @@ -153,11 +191,24 @@ image: # @schema override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.16.7" + tag: "v1.17.1" pullPolicy: "IfNotPresent" # cilium-digest - digest: "sha256:294d2432507fed393b26e9fbfacb25c2e37095578cb34dabac7312b66ed0782e" + digest: "sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866" useDigest: true +# -- Scheduling configurations for cilium pods +scheduling: + # @schema + # enum: ["anti-affinity", "kube-scheduler"] + # @schema + # -- Mode specifies how Cilium daemonset pods should be scheduled to Nodes. + # `anti-affinity` mode applies a pod anti-affinity rule to the cilium daemonset. + # Pod anti-affinity may significantly impact scheduling throughput for large clusters. + # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + # `kube-scheduler` mode forgoes the anti-affinity rule for full scheduling throughput. + # Kube-scheduler avoids host port conflict when scheduling pods. + # @default -- Defaults to apply a pod anti-affinity rule to the agent pod - `anti-affinity` + mode: anti-affinity # -- Affinity for cilium-agent. affinity: podAntiAffinity: 
@@ -387,16 +438,6 @@ l2podAnnouncements: enabled: false # -- Interface used for sending Gratuitous ARP pod announcements interface: "eth0" -# -- Configure BGP -bgp: - # -- Enable BGP support inside Cilium; embeds a new ConfigMap for BGP inside - # cilium-agent and cilium-operator - enabled: false - announce: - # -- Enable allocation and announcement of service LoadBalancer IPs - loadbalancerIP: false - # -- Enable announcement of node pod CIDR - podCIDR: false # -- This feature set enables virtual BGP routers to be created via # CiliumBGPPeeringPolicy CRDs. bgpControlPlane: @@ -408,6 +449,12 @@ bgpControlPlane: create: false # -- The name of the secret namespace to which Cilium agents are given read access name: kube-system + # -- Status reporting settings (BGPv2 only) + statusReport: + # -- Enable/Disable BGPv2 status reporting + # It is recommended to enable status reporting in general, but if you have any issue + # such as high API server load, you can disable it by setting this to false. + enabled: true pmtuDiscovery: # -- Enable path MTU discovery to send ICMP fragmentation-needed replies to # the client. @@ -432,6 +479,8 @@ bpf: # -- (int) Configure the maximum number of entries in auth map. # @default -- `524288` authMapMax: ~ + # -- Enable CT accounting for packets and bytes + ctAccounting: false # @schema # type: [null, integer] # @schema 
@@ -447,7 +496,25 @@ bpf: # @default -- `262144` ctAnyMax: ~ # -- Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble. + # Helm configuration for BPF events map rate limiting is experimental and might change + # in upcoming releases. events: + # -- Default settings for all types of events except dbg and pcap. + default: + # -- (int) Configure the limit of messages per second that can be written to + # BPF events map. The number of messages is averaged, meaning that if no messages + # were written to the map over 5 seconds, it's possible to write more events + # in the 6th second. If rateLimit is greater than 0, non-zero value for burstLimit must + # also be provided lest the configuration is considered invalid. Setting both burstLimit + # and rateLimit to 0 disables BPF events rate limiting. + # @default -- `0` + rateLimit: ~ + # -- (int) Configure the maximum number of messages that can be written to BPF events + # map in 1 second. If burstLimit is greater than 0, non-zero value for rateLimit must + # also be provided lest the configuration is considered invalid. Setting both burstLimit + # and rateLimit to 0 disables BPF events rate limiting. + # @default -- `0` + burstLimit: ~ drop: # -- Enable drop events. enabled: true 
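Review bot: `bpf.events.default.rateLimit` and `burstLimit` are documented here as `(int)` but carry no `# @schema` annotation, and the values.schema.json hunk in this same commit declares both as `"type": "null"`. As written, setting either key to an integer would presumably be rejected by Helm's schema validation, so the rate limit described in the comment cannot be turned on through values. The annotation the neighbouring keys use, `# @schema` / `# type: [null, integer]` / `# @schema`, is what is missing above each of the two keys, with the schema regenerated from it. Since the chart is pulled in by the Makefile `update` target, the fix belongs upstream or in a post-pull patch step rather than as a hand edit here.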
@@ -502,8 +569,23 @@ bpf: # -- Configure which TCP flags trigger notifications when seen for the # first time in a connection. monitorFlags: "all" - # -- Allow cluster external access to ClusterIP services. + # -- (bool) Allow cluster external access to ClusterIP services. + # @default -- `false` lbExternalClusterIP: false + # -- (bool) Enable loadBalancerSourceRanges CIDR filtering for all service + # types, not just LoadBalancer services. The corresponding NodePort and + # ClusterIP (if enabled for cluster-external traffic) will also apply the + # CIDR filter. + # @default -- `false` + lbSourceRangeAllTypes: false + # -- (bool) Enable the option to define the load balancing algorithm on + # a per-service basis through service.cilium.io/lb-algorithm annotation. + # @default -- `false` + lbAlgorithmAnnotation: false + # -- (bool) Enable the option to define the load balancing mode (SNAT or DSR) + # on a per-service basis through service.cilium.io/forwarding-mode annotation. + # @default -- `false` + lbModeAnnotation: false # @schema # type: [null, boolean] # @schema @@ -522,7 +604,7 @@ bpf: # @schema # type: [null, boolean] # @schema - # -- (bool) Configure the eBPF-based TPROXY to reduce reliance on iptables rules + # -- (bool) Configure the eBPF-based TPROXY (beta) to reduce reliance on iptables rules # for implementing Layer 7 policy. # @default -- `false` tproxy: ~ 
@@ -679,6 +761,14 @@ daemon: # # By default, all keys may be overridden. blockedConfigOverrides: ~ + # @schema + # type: [null, boolean] + # @schema + # -- enableSourceIPVerification is a boolean flag to enable or disable the Source IP verification + # of endpoints. This flag is useful when Cilium is chained with other CNIs. + # + # By default, this functionality is enabled + enableSourceIPVerification: true # -- Specify which network interfaces can run the eBPF datapath. This means # that a packet sent from a pod to a destination outside the cluster will be # masqueraded (to an output device IPv4 address), if the output device runs the @@ -722,11 +812,15 @@ ciliumEndpointSlice: limit: 10 burst: 20 - nodes: 100 - limit: 7 - burst: 15 - - nodes: 500 - limit: 5 - burst: 10 + limit: 50 + burst: 100 + # @schema + # enum: ["identity", "fcfs"] + # @schema + # -- The slicing mode to use for CiliumEndpointSlices. + # identity groups together CiliumEndpoints that share the same identity. + # fcfs groups together CiliumEndpoints in a first-come-first-serve basis, filling in the largest non-full slice first. + sliceMode: identity envoyConfig: # -- Enable CiliumEnvoyConfig CRD # CiliumEnvoyConfig CRD can also be implicitly enabled by other options. @@ -915,8 +1009,6 @@ encryption: # -- Enable IPsec encrypted overlay encryptedOverlay: false wireguard: - # -- Enables the fallback to the user-space implementation (deprecated). - userspaceFallback: false # -- Controls WireGuard PersistentKeepalive option. Set 0s to disable. persistentKeepalive: 0s endpointHealthChecking: @@ -932,6 +1024,8 @@ endpointRoutes: k8sNetworkPolicy: # -- Enable support for K8s NetworkPolicy enabled: true +# -- Enable endpoint lockdown on policy map overflow. +endpointLockdownOnMapOverflow: false eni: # -- Enable Elastic Network Interface (ENI) integration. enabled: false 
@@ -982,6 +1076,8 @@ gke: healthChecking: true # -- TCP port for the agent health API. This is not the port for cilium-health. healthPort: 9879 +# -- Number of ICMP requests sent for each health check before marking a node or endpoint unreachable. +healthCheckICMPFailureThreshold: 3 # -- Configure the host firewall. hostFirewall: # -- Enables the enforcement of host policies in the eBPF datapath. @@ -1004,14 +1100,16 @@ socketLB: # for the Kubernetes CronJob which will be scheduled regularly to # (re)generate any certificates not provided manually. certgen: + # -- When set to true the certificate authority secret is created. + generateCA: true image: # @schema # type: [null, string] # @schema override: ~ repository: "quay.io/cilium/certgen" - tag: "v0.2.0" - digest: "sha256:169d93fd8f2f9009db3b9d5ccd37c2b753d0989e1e7cd8fe79f9160c459eef4f" + tag: "v0.2.1" + digest: "sha256:ab6b1928e9c5f424f6b0f51c68065b9fd85e2f8d3e5f21fbd1a3cb27e6fb9321" useDigest: true pullPolicy: "IfNotPresent" # -- Seconds after which the completed job pod will be deleted @@ -1022,6 +1120,12 @@ certgen: annotations: job: {} cronJob: {} + # -- Node selector for certgen + # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: {} + # -- Priority class for certgen + # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass + priorityClassName: "" # -- Node tolerations for pod assignment on nodes with taints # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ tolerations: [] 
@@ -1147,6 +1251,21 @@ hubble: namespace: ~ labelValue: "1" annotations: {} + # Dynamic metrics may be reconfigured without a need of agent restarts. + dynamic: + enabled: false + config: + # ---- Name of configmap with configuration that may be altered to reconfigure metric handlers within a running agent. + configMapName: cilium-dynamic-metrics-config + # ---- True if helm installer should create config map. + # Switch to false if you want to self maintain the file content. + createConfigMap: true + # ---- Exporters configuration in YAML format. + content: + - name: all + contextOptions: [] + includeFilters: [] + excludeFilters: [] # -- Unix domain socket path to listen to when Hubble is enabled. socketPath: /var/run/cilium/hubble.sock # -- Enables redacting sensitive information present in Layer 7 flows. @@ -1314,9 +1433,9 @@ hubble: # @schema override: ~ repository: "quay.io/cilium/hubble-relay" - tag: "v1.16.7" + tag: "v1.17.1" # hubble-relay-digest - digest: "sha256:8f408ed921cd534394aa1c57b313741cec6aec03a14ea243b2173cbf2c88c91e" + digest: "sha256:397e8fbb188157f744390a7b272a1dec31234e605bcbe22d8919a166d202a3dc" useDigest: true pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods @@ -1398,7 +1517,7 @@ hubble: - ALL # -- hubble-relay service configuration. service: - # --- The type of service used for Hubble Relay access, either ClusterIP or NodePort. + # --- The type of service used for Hubble Relay access, either ClusterIP, NodePort or LoadBalancer. type: ClusterIP # --- The port to use when the service type is set to NodePort. nodePort: 31234 @@ -1454,6 +1573,8 @@ hubble: # type: [null, string] # @schema # -- Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s"). + # + # This option has been deprecated and is a no-op. dialTimeout: ~ # @schema # type: [null, string] 
@@ -1625,6 +1746,8 @@ hubble: replicas: 1 # -- Annotations to be added to all top-level hubble-ui objects (resources under templates/hubble-ui) annotations: {} + # -- Additional labels to be added to 'hubble-ui' deployment object + labels: {} # -- Annotations to be added to hubble-ui pods podAnnotations: {} # -- Labels to be added to hubble-ui pods @@ -1760,7 +1883,7 @@ hubble: reasons: - auth_required - policy_denied -# -- Method to use for identity allocation (`crd` or `kvstore`). +# -- Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). identityAllocationMode: "crd" # -- (string) Time to wait before using new identity on endpoint identity change. # @default -- `"5s"` @@ -1776,6 +1899,10 @@ ipam: mode: "cluster-pool" # -- Maximum rate at which the CiliumNode custom resource is updated. ciliumNodeUpdateRate: "15s" + # -- Pre-allocation settings for IPAM in Multi-Pool mode + multiPoolPreAllocation: "" + # -- Install ingress/egress routes through uplink on host for Pods when working with delegated IPAM plugin. + installUplinkRoutesForDelegatedIPAM: false operator: # @schema # type: [array, string] @@ -1818,6 +1945,12 @@ ipam: # refill the bucket up to the burst size capacity. # @default -- `4.0` externalAPILimitQPS: ~ +# -- defaultLBServiceIPAM indicates the default LoadBalancer Service IPAM when +# no LoadBalancer class is set. Applicable values: lbipam, nodeipam, none +# @schema +# type: [string] +# @schema +defaultLBServiceIPAM: lbipam nodeIPAM: # -- Configure Node IPAM # ref: https://docs.cilium.io/en/stable/network/node-ipam/ @@ -1998,6 +2131,9 @@ loadBalancer: # endpoints filtering # serviceTopology: false + # -- experimental enables support for the experimental load-balancing + # control-plane. + experimental: false # -- L7 LoadBalancer l7: # -- Enable L7 service load balancing via envoy proxy. 
@@ -2067,6 +2203,7 @@ pprof: port: 6060 # -- Configure prometheus metrics on the configured port at /metrics prometheus: + metricsService: false enabled: false port: 9962 serviceMonitor: @@ -2139,11 +2276,37 @@ envoy: # Only needs to be changed if multiple Envoy instances will run on the same node and may have conflicts. Supported values: 0 - 4294967295. Defaults to '0' baseID: 0 log: - # -- The format string to use for laying out the log message metadata of Envoy. + # @schema + # type: [null, string] + # @schema + # -- The format string to use for laying out the log message metadata of Envoy. If specified, Envoy will use text format output. + # This setting is mutually exclusive with envoy.log.format_json. format: "[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v" + # @schema + # type: [null, object] + # @schema + # -- The JSON logging format to use for Envoy. This setting is mutually exclusive with envoy.log.format. + # ref: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/bootstrap/v3/bootstrap.proto#envoy-v3-api-field-config-bootstrap-v3-bootstrap-applicationlogconfig-logformat-json-format + format_json: null + # date: "%Y-%m-%dT%T.%e" + # thread_id: "%t" + # source_line: "%s:%#" + # level: "%l" + # logger: "%n" + # message: "%j" # -- Path to a separate Envoy log file, if any. Defaults to /dev/stdout. path: "" # @schema + # oneOf: + # - type: [null] + # - enum: [trace,debug,info,warning,error,critical,off] + # @schema + # -- Default log level of Envoy application log that is configured if Cilium debug / verbose logging isn't enabled. + # This option allows to have a different log level than the Cilium Agent - e.g. lower it to `critical`. + # Possible values: trace, debug, info, warning, error, critical, off + # @default -- Defaults to the default log level of the Cilium Agent - `info` + defaultLevel: ~ + # @schema # type: [null, integer] # @schema # -- Size of the Envoy access log buffer created within the agent in bytes. 
@@ -2154,6 +2317,10 @@ envoy: connectTimeoutSeconds: 2 # -- Time in seconds after which the initial fetch on an xDS stream is considered timed out initialFetchTimeoutSeconds: 30 + # -- Maximum number of concurrent retries on Envoy clusters + maxConcurrentRetries: 128 + # -- Maximum number of retries for each HTTP request + httpRetryCount: 3 # -- ProxyMaxRequestsPerConnection specifies the max_requests_per_connection setting for Envoy maxRequestsPerConnection: 0 # -- Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable) @@ -2210,6 +2377,15 @@ envoy: maxUnavailable: 2 # -- Roll out cilium envoy pods automatically when configmap is updated. rollOutPods: false + # -- ADVANCED OPTION: Bring your own custom Envoy bootstrap ConfigMap. Provide the name of a ConfigMap with a `bootstrap-config.json` key. + # When specified, Envoy will use this ConfigMap instead of the default provided by the chart. + # WARNING: Use of this setting has the potential to prevent cilium-envoy from starting up, and can cause unexpected behavior (e.g. due to + # syntax error or semantically incorrect configuration). Before submitting an issue, please ensure you have disabled this feature, as support + # cannot be provided for custom Envoy bootstrap configs. + # @schema + # type: [null, string] + # @schema + bootstrapConfigMap: ~ # -- Annotations to be added to all top-level cilium-envoy objects (resources under templates/cilium-envoy) annotations: {} # -- Security Context for cilium-envoy pods. 
@@ -2395,12 +2571,42 @@ svcSourceRangeCheck: true synchronizeK8sNodes: true # -- Configure TLS configuration in the agent. tls: + # @schema + # type: [null, string] + # @schema # -- This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies # (namely the secrets referenced by terminatingTLS and originatingTLS). + # This value is DEPRECATED and will be removed in a future version. + # Use `tls.readSecretsOnlyFromSecretsNamespace` instead. # Possible values: # - local # - k8s - secretsBackend: local + secretsBackend: ~ + # @schema + # type: [null, boolean] + # @schema + # -- Configure if the Cilium Agent will only look in `tls.secretsNamespace` for + # CiliumNetworkPolicy relevant Secrets. + # If false, the Cilium Agent will be granted READ (GET/LIST/WATCH) access + # to _all_ secrets in the entire cluster. This is not recommended and is + # included for backwards compatibility. + # This value obsoletes `tls.secretsBackend`, with `true` == `local` in the old + # setting, and `false` == `k8s`. + readSecretsOnlyFromSecretsNamespace: ~ + # -- Configures where secrets used in CiliumNetworkPolicies will be looked for + secretsNamespace: + # -- Create secrets namespace for TLS Interception secrets. + create: true + # -- Name of TLS Interception secret namespace. + name: cilium-secrets + # -- Configures settings for synchronization of TLS Interception Secrets + secretSync: + # @schema + # type: [null, boolean] + # @schema + # -- Enable synchronization of Secrets for TLS Interception. If disabled and + # tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent. + enabled: ~ # -- Base64 encoded PEM values for the CA certificate and private key. # This can be used as common CA to generate certificates used by hubble and clustermesh components. # It is neither required nor used when cert-manager is used to generate the certificates. 
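Review bot: `tls.secretsBackend` changes from `local` to `~` and the new `tls.readSecretsOnlyFromSecretsNamespace` also defaults to `~`, so the values file no longer states which secret-access mode the agent runs in. The hunk's own comment says `false` grants the agent GET/LIST/WATCH on all secrets in the cluster. The effective default is resolved in templates outside this hunk and cannot be confirmed from here. I would set `readSecretsOnlyFromSecretsNamespace: true` under `tls:` in the values this package layers on the chart, and check that no existing override still carries `secretsBackend: k8s`, so the RBAC scope does not depend on the fallback logic.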
@@ -2487,15 +2693,15 @@ operator: # @schema override: ~ repository: "quay.io/cilium/operator" - tag: "v1.16.7" + tag: "v1.17.1" # operator-generic-digest - genericDigest: "sha256:25a41ac50bcebfb780ed2970e55a5ba1a5f26996850ed5a694dc69b312e0b5a0" + genericDigest: "sha256:628becaeb3e4742a1c36c4897721092375891b58bae2bfcae48bbf4420aaee97" # operator-azure-digest - azureDigest: "sha256:4e7e64cc505676d402c68043934e2c8efc75b294245514d7611a58d06b5e0f69" + azureDigest: "sha256:b9e3e3994f5fcf1832e1f344f3b3b544832851b1990f124b2c2c68e3ffe04a9b" # operator-aws-digest - awsDigest: "sha256:110d922337bdbfc3cd4d7d71b85b2c8f72c1d9925e9b61b4cd73ff990799d7ba" + awsDigest: "sha256:da74748057c836471bfdc0e65bb29ba0edb82916ec4b99f6a4f002b2fcc849d6" # operator-alibabacloud-digest - alibabacloudDigest: "sha256:dbdc856303e1ab6734538e29791fdfc4fe2c1295fd7bbce8fa006cd3165f85c8" + alibabacloudDigest: "sha256:034b479fba340f9d98510e509c7ce1c36e8889a109d5f1c2240fcb0942bc772c" useDigest: true pullPolicy: "IfNotPresent" suffix: "" @@ -2619,6 +2825,7 @@ operator: # -- Enable prometheus metrics for cilium-operator on the configured port at # /metrics prometheus: + metricsService: false enabled: true port: 9963 serviceMonitor: @@ -2769,9 +2976,9 @@ preflight: # @schema override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.16.7" + tag: "v1.17.1" # cilium-digest - digest: "sha256:294d2432507fed393b26e9fbfacb25c2e37095578cb34dabac7312b66ed0782e" + digest: "sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866" useDigest: true pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. 
@@ -2918,9 +3125,9 @@ clustermesh: # @schema override: ~ repository: "quay.io/cilium/clustermesh-apiserver" - tag: "v1.16.7" + tag: "v1.17.1" # clustermesh-apiserver-digest - digest: "sha256:8e7eda5b194d45c3b1607f5bf31cbb3fecd0f1cf85ce32b41f93b2bd832bf02f" + digest: "sha256:1de22f46bfdd638de72c2224d5223ddc3bbeacda1803cb75799beca3d4bf7a4c" useDigest: true pullPolicy: "IfNotPresent" # -- TCP port for the clustermesh-apiserver health API. @@ -3016,9 +3223,11 @@ clustermesh: # NodePort will be redirected to a local backend, regardless of whether the # destination node belongs to the local or the remote cluster. nodePort: 32379 - # -- Annotations for the clustermesh-apiserver - # For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal" - # For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # -- Annotations for the clustermesh-apiserver service. + # Example annotations to configure an internal load balancer on different cloud providers: + # * AKS: service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # * EKS: service.beta.kubernetes.io/aws-load-balancer-scheme: "internal" + # * GKE: networking.gke.io/load-balancer-type: "Internal" annotations: {} # @schema # enum: [Local, Cluster] @@ -3062,6 +3271,10 @@ clustermesh: # Allows to configure a specific loadBalancerIP on the clustermesh-apiserver # LB service in case the Service type is set to LoadBalancer. loadBalancerIP: ~ + # -- Configure loadBalancerSourceRanges. + # Allows to configure the source IP ranges allowed to access the + # clustermesh-apiserver LB service in case the Service type is set to LoadBalancer. + loadBalancerSourceRanges: [] # -- Number of replicas run for the clustermesh-apiserver deployment. replicas: 1 # -- lifecycle setting for the apiserver container 
@@ -3354,7 +3567,7 @@ dnsProxy: # -- Allow the DNS proxy to compress responses to endpoints that are larger than 512 Bytes or the EDNS0 option, if present. enableDnsCompression: true # -- Maximum number of IPs to maintain per FQDN name for each endpoint. - endpointMaxIpPerHostname: 50 + endpointMaxIpPerHostname: 1000 # -- Time during which idle but previously active connections with expired DNS lookups are still considered alive. idleConnectionGracePeriod: 0s # -- Maximum number of IPs to retain for expired DNS lookups with still-active connections. @@ -3376,6 +3589,8 @@ dnsProxy: sctp: # -- Enable SCTP support. NOTE: Currently, SCTP support does not support rewriting ports or multihoming. enabled: false +# -- Enable Non-Default-Deny policies +enableNonDefaultDenyPolicies: true # Configuration for types of authentication for Cilium (beta) authentication: # -- Enable authentication processing and garbage collection. @@ -3418,12 +3633,14 @@ authentication: # @schema override: ~ repository: "docker.io/library/busybox" - tag: "1.36.1" - digest: "sha256:71b79694b71639e633452f57fd9de40595d524de308349218d9a6a144b40be02" + tag: "1.37.0" + digest: "sha256:a5d0ce49aa801d475da48f8cb163c354ab95cab073cd3c138bd458fc8257fbf1" useDigest: true pullPolicy: "IfNotPresent" # SPIRE agent configuration agent: + # -- The priority class to use for the spire agent + priorityClassName: "" # -- SPIRE agent image image: # @schema @@ -3443,6 +3660,8 @@ authentication: annotations: {} # -- SPIRE agent labels labels: {} + # -- container resource limits & requests + resources: {} # -- SPIRE Workload Attestor kubelet verification. skipKubeletVerification: true # -- SPIRE agent tolerations configuration 
@@ -3475,6 +3694,8 @@ authentication: # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container securityContext: {} server: + # -- The priority class to use for the spire server + priorityClassName: "" # -- SPIRE server image image: # @schema @@ -3497,6 +3718,8 @@ authentication: # -- SPIRE server labels labels: {} # SPIRE server service configuration + # -- container resource limits & requests + resources: {} service: # -- Service type for the SPIRE server service type: ClusterIP @@ -3562,3 +3785,7 @@ authentication: agentSocketPath: /run/spire/sockets/agent/agent.sock # -- SPIRE connection timeout connectionTimeout: 30s +# -- Enable Internal Traffic Policy +enableInternalTrafficPolicy: true +# -- Enable LoadBalancer IP Address Management +enableLBIPAM: true diff --git a/packages/system/cilium/charts/cilium/values.yaml.tmpl b/packages/system/cilium/charts/cilium/values.yaml.tmpl index 4a7c2def..4a4b7eb3 100644 --- a/packages/system/cilium/charts/cilium/values.yaml.tmpl +++ b/packages/system/cilium/charts/cilium/values.yaml.tmpl @@ -1,4 +1,16 @@ +# @schema +# type: [null, string] +# @schema +# -- namespaceOverride allows to override the destination namespace for Cilium resources. +# This property allows to use Cilium as part of an Umbrella Chart with different targets. +namespaceOverride: "" +# @schema +# type: [null, object] +# @schema +# -- commonLabels allows users to add common labels for all Cilium resources. +commonLabels: {} + # @schema # type: [null, string] # @schema 
@@ -34,35 +46,64 @@ rbac: imagePullSecrets: [] # - name: "image-pull-secret" +# -- Configure iptables--random-fully. Disabled by default. View https://github.com/cilium/cilium/issues/13037 for more information. +iptablesRandomFully: false + # -- (string) Kubernetes config path # @default -- `"~/.kube/config"` kubeConfigPath: "" -# -- (string) Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap (kubeadm-based clusters only) +# -- (string) Kubernetes service host - use "auto" for automatic lookup from the cluster-info ConfigMap k8sServiceHost: "" # @schema # type: [string, integer] # @schema # -- (string) Kubernetes service port k8sServicePort: "" -# -- Configure the client side rate limit for the agent and operator +# @schema +# type: [null, string] +# @schema +# -- (string) When `k8sServiceHost=auto`, allows to customize the configMap name. It defaults to `cluster-info`. +k8sServiceLookupConfigMapName: "" +# @schema +# type: [null, string] +# @schema +# -- (string) When `k8sServiceHost=auto`, allows to customize the namespace that contains `k8sServiceLookupConfigMapName`. It defaults to `kube-public`. +k8sServiceLookupNamespace: "" +# -- Configure the client side rate limit for the agent # # If the amount of requests to the Kubernetes API server exceeds the configured -# rate limit, the agent and operator will start to throttle requests by delaying +# rate limit, the agent will start to throttle requests by delaying # them until there is budget or the request times out. k8sClientRateLimit: # @schema # type: [null, integer] # @schema # -- (int) The sustained request rate in requests per second. - # @default -- 5 for k8s up to 1.26. 10 for k8s version 1.27+ + # @default -- 10 qps: # @schema # type: [null, integer] # @schema # -- (int) The burst request rate in requests per second. # The rate limiter will allow short bursts with a higher rate. - # @default -- 10 for k8s up to 1.26. 
20 for k8s version 1.27+ + # @default -- 20 burst: + # -- Configure the client side rate limit for the Cilium Operator + operator: + # @schema + # type: [null, integer] + # @schema + # -- (int) The sustained request rate in requests per second. + # @default -- 100 + qps: + # @schema + # type: [null, integer] + # @schema + # -- (int) The burst request rate in requests per second. + # The rate limiter will allow short bursts with a higher rate. + # @default -- 200 + burst: + cluster: # -- Name of the cluster. Only required for Cluster Mesh and mutual authentication with SPIRE. # It must respect the following constraints: @@ -156,6 +197,19 @@ image: # cilium-digest digest: ${CILIUM_DIGEST} useDigest: ${USE_DIGESTS} +# -- Scheduling configurations for cilium pods +scheduling: + # @schema + # enum: ["anti-affinity", "kube-scheduler"] + # @schema + # -- Mode specifies how Cilium daemonset pods should be scheduled to Nodes. + # `anti-affinity` mode applies a pod anti-affinity rule to the cilium daemonset. + # Pod anti-affinity may significantly impact scheduling throughput for large clusters. + # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + # `kube-scheduler` mode forgoes the anti-affinity rule for full scheduling throughput. + # Kube-scheduler avoids host port conflict when scheduling pods. + # @default -- Defaults to apply a pod anti-affinity rule to the agent pod - `anti-affinity` + mode: anti-affinity # -- Affinity for cilium-agent. affinity: podAntiAffinity: 
@@ -389,16 +443,6 @@ l2podAnnouncements: enabled: false # -- Interface used for sending Gratuitous ARP pod announcements interface: "eth0" -# -- Configure BGP -bgp: - # -- Enable BGP support inside Cilium; embeds a new ConfigMap for BGP inside - # cilium-agent and cilium-operator - enabled: false - announce: - # -- Enable allocation and announcement of service LoadBalancer IPs - loadbalancerIP: false - # -- Enable announcement of node pod CIDR - podCIDR: false # -- This feature set enables virtual BGP routers to be created via # CiliumBGPPeeringPolicy CRDs. bgpControlPlane: @@ -410,6 +454,12 @@ bgpControlPlane: create: false # -- The name of the secret namespace to which Cilium agents are given read access name: kube-system + # -- Status reporting settings (BGPv2 only) + statusReport: + # -- Enable/Disable BGPv2 status reporting + # It is recommended to enable status reporting in general, but if you have any issue + # such as high API server load, you can disable it by setting this to false. + enabled: true pmtuDiscovery: # -- Enable path MTU discovery to send ICMP fragmentation-needed replies to # the client. @@ -434,6 +484,8 @@ bpf: # -- (int) Configure the maximum number of entries in auth map. # @default -- `524288` authMapMax: ~ + # -- Enable CT accounting for packets and bytes + ctAccounting: false # @schema # type: [null, integer] # @schema 
@@ -449,7 +501,25 @@ bpf: # @default -- `262144` ctAnyMax: ~ # -- Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble. + # Helm configuration for BPF events map rate limiting is experimental and might change + # in upcoming releases. events: + # -- Default settings for all types of events except dbg and pcap. + default: + # -- (int) Configure the limit of messages per second that can be written to + # BPF events map. The number of messages is averaged, meaning that if no messages + # were written to the map over 5 seconds, it's possible to write more events + # in the 6th second. If rateLimit is greater than 0, non-zero value for burstLimit must + # also be provided lest the configuration is considered invalid. Setting both burstLimit + # and rateLimit to 0 disables BPF events rate limiting. + # @default -- `0` + rateLimit: ~ + # -- (int) Configure the maximum number of messages that can be written to BPF events + # map in 1 second. If burstLimit is greater than 0, non-zero value for rateLimit must + # also be provided lest the configuration is considered invalid. Setting both burstLimit + # and rateLimit to 0 disables BPF events rate limiting. + # @default -- `0` + burstLimit: ~ drop: # -- Enable drop events. enabled: true 
@@ -504,8 +574,23 @@ bpf: # -- Configure which TCP flags trigger notifications when seen for the # first time in a connection. monitorFlags: "all" - # -- Allow cluster external access to ClusterIP services. + # -- (bool) Allow cluster external access to ClusterIP services. + # @default -- `false` lbExternalClusterIP: false + # -- (bool) Enable loadBalancerSourceRanges CIDR filtering for all service + # types, not just LoadBalancer services. The corresponding NodePort and + # ClusterIP (if enabled for cluster-external traffic) will also apply the + # CIDR filter. + # @default -- `false` + lbSourceRangeAllTypes: false + # -- (bool) Enable the option to define the load balancing algorithm on + # a per-service basis through service.cilium.io/lb-algorithm annotation. + # @default -- `false` + lbAlgorithmAnnotation: false + # -- (bool) Enable the option to define the load balancing mode (SNAT or DSR) + # on a per-service basis through service.cilium.io/forwarding-mode annotation. + # @default -- `false` + lbModeAnnotation: false # @schema # type: [null, boolean] # @schema @@ -524,7 +609,7 @@ bpf: # @schema # type: [null, boolean] # @schema - # -- (bool) Configure the eBPF-based TPROXY to reduce reliance on iptables rules + # -- (bool) Configure the eBPF-based TPROXY (beta) to reduce reliance on iptables rules # for implementing Layer 7 policy. # @default -- `false` tproxy: ~ 
@@ -681,6 +766,14 @@ daemon: # # By default, all keys may be overridden. blockedConfigOverrides: ~ + # @schema + # type: [null, boolean] + # @schema + # -- enableSourceIPVerification is a boolean flag to enable or disable the Source IP verification + # of endpoints. This flag is useful when Cilium is chained with other CNIs. + # + # By default, this functionality is enabled + enableSourceIPVerification: true # -- Specify which network interfaces can run the eBPF datapath. This means # that a packet sent from a pod to a destination outside the cluster will be # masqueraded (to an output device IPv4 address), if the output device runs the @@ -727,11 +820,16 @@ ciliumEndpointSlice: limit: 10 burst: 20 - nodes: 100 - limit: 7 - burst: 15 - - nodes: 500 - limit: 5 - burst: 10 + limit: 50 + burst: 100 + + # @schema + # enum: ["identity", "fcfs"] + # @schema + # -- The slicing mode to use for CiliumEndpointSlices. + # identity groups together CiliumEndpoints that share the same identity. + # fcfs groups together CiliumEndpoints in a first-come-first-serve basis, filling in the largest non-full slice first. + sliceMode: identity envoyConfig: # -- Enable CiliumEnvoyConfig CRD @@ -924,8 +1022,6 @@ encryption: # -- Enable IPsec encrypted overlay encryptedOverlay: false wireguard: - # -- Enables the fallback to the user-space implementation (deprecated). - userspaceFallback: false # -- Controls WireGuard PersistentKeepalive option. Set 0s to disable. persistentKeepalive: 0s endpointHealthChecking: @@ -941,6 +1037,8 @@ endpointRoutes: k8sNetworkPolicy: # -- Enable support for K8s NetworkPolicy enabled: true +# -- Enable endpoint lockdown on policy map overflow. +endpointLockdownOnMapOverflow: false eni: # -- Enable Elastic Network Interface (ENI) integration. enabled: false 
@@ -991,6 +1089,8 @@ gke: healthChecking: true # -- TCP port for the agent health API. This is not the port for cilium-health. healthPort: 9879 +# -- Number of ICMP requests sent for each health check before marking a node or endpoint unreachable. +healthCheckICMPFailureThreshold: 3 # -- Configure the host firewall. hostFirewall: # -- Enables the enforcement of host policies in the eBPF datapath. @@ -1013,6 +1113,8 @@ socketLB: # for the Kubernetes CronJob which will be scheduled regularly to # (re)generate any certificates not provided manually. certgen: + # -- When set to true the certificate authority secret is created. + generateCA: true image: # @schema # type: [null, string] @@ -1031,6 +1133,12 @@ certgen: annotations: job: {} cronJob: {} + # -- Node selector for certgen + # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: {} + # -- Priority class for certgen + # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass + priorityClassName: "" # -- Node tolerations for pod assignment on nodes with taints # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ tolerations: [] 
@@ -1156,6 +1264,21 @@ hubble: namespace: ~ labelValue: "1" annotations: {} + # Dynamic metrics may be reconfigured without a need of agent restarts. + dynamic: + enabled: false + config: + # ---- Name of configmap with configuration that may be altered to reconfigure metric handlers within a running agent. + configMapName: cilium-dynamic-metrics-config + # ---- True if helm installer should create config map. + # Switch to false if you want to self maintain the file content. + createConfigMap: true + # ---- Exporters configuration in YAML format. + content: + - name: all + contextOptions: [] + includeFilters: [] + excludeFilters: [] # -- Unix domain socket path to listen to when Hubble is enabled. socketPath: /var/run/cilium/hubble.sock # -- Enables redacting sensitive information present in Layer 7 flows. @@ -1407,7 +1530,7 @@ hubble: - ALL # -- hubble-relay service configuration. service: - # --- The type of service used for Hubble Relay access, either ClusterIP or NodePort. + # --- The type of service used for Hubble Relay access, either ClusterIP, NodePort or LoadBalancer. type: ClusterIP # --- The port to use when the service type is set to NodePort. nodePort: 31234 @@ -1463,6 +1586,8 @@ hubble: # type: [null, string] # @schema # -- Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s"). + # + # This option has been deprecated and is a no-op. dialTimeout: ~ # @schema # type: [null, string] @@ -1634,6 +1759,8 @@ hubble: replicas: 1 # -- Annotations to be added to all top-level hubble-ui objects (resources under templates/hubble-ui) annotations: {} + # -- Additional labels to be added to 'hubble-ui' deployment object + labels: {} # -- Annotations to be added to hubble-ui pods podAnnotations: {} # -- Labels to be added to hubble-ui pods 
@@ -1771,7 +1898,7 @@ hubble: - auth_required - policy_denied -# -- Method to use for identity allocation (`crd` or `kvstore`). +# -- Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). identityAllocationMode: "crd" # -- (string) Time to wait before using new identity on endpoint identity change. # @default -- `"5s"` @@ -1787,6 +1914,10 @@ ipam: mode: "cluster-pool" # -- Maximum rate at which the CiliumNode custom resource is updated. ciliumNodeUpdateRate: "15s" + # -- Pre-allocation settings for IPAM in Multi-Pool mode + multiPoolPreAllocation: "" + # -- Install ingress/egress routes through uplink on host for Pods when working with delegated IPAM plugin. + installUplinkRoutesForDelegatedIPAM: false operator: # @schema # type: [array, string] @@ -1829,6 +1960,12 @@ ipam: # refill the bucket up to the burst size capacity. # @default -- `4.0` externalAPILimitQPS: ~ +# -- defaultLBServiceIPAM indicates the default LoadBalancer Service IPAM when +# no LoadBalancer class is set. Applicable values: lbipam, nodeipam, none +# @schema +# type: [string] +# @schema +defaultLBServiceIPAM: lbipam nodeIPAM: # -- Configure Node IPAM # ref: https://docs.cilium.io/en/stable/network/node-ipam/ @@ -2011,6 +2148,10 @@ loadBalancer: # endpoints filtering # serviceTopology: false + # -- experimental enables support for the experimental load-balancing + # control-plane. + experimental: false + # -- L7 LoadBalancer l7: # -- Enable L7 service load balancing via envoy proxy. @@ -2081,6 +2222,7 @@ pprof: port: 6060 # -- Configure prometheus metrics on the configured port at /metrics prometheus: + metricsService: false enabled: false port: 9962 serviceMonitor: 
@@ -2153,11 +2295,37 @@ envoy: # Only needs to be changed if multiple Envoy instances will run on the same node and may have conflicts. Supported values: 0 - 4294967295. Defaults to '0' baseID: 0 log: - # -- The format string to use for laying out the log message metadata of Envoy. + # @schema + # type: [null, string] + # @schema + # -- The format string to use for laying out the log message metadata of Envoy. If specified, Envoy will use text format output. + # This setting is mutually exclusive with envoy.log.format_json. format: "[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v" + # @schema + # type: [null, object] + # @schema + # -- The JSON logging format to use for Envoy. This setting is mutually exclusive with envoy.log.format. + # ref: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/bootstrap/v3/bootstrap.proto#envoy-v3-api-field-config-bootstrap-v3-bootstrap-applicationlogconfig-logformat-json-format + format_json: null + # date: "%Y-%m-%dT%T.%e" + # thread_id: "%t" + # source_line: "%s:%#" + # level: "%l" + # logger: "%n" + # message: "%j" # -- Path to a separate Envoy log file, if any. Defaults to /dev/stdout. path: "" # @schema + # oneOf: + # - type: [null] + # - enum: [trace,debug,info,warning,error,critical,off] + # @schema + # -- Default log level of Envoy application log that is configured if Cilium debug / verbose logging isn't enabled. + # This option allows to have a different log level than the Cilium Agent - e.g. lower it to `critical`. + # Possible values: trace, debug, info, warning, error, critical, off + # @default -- Defaults to the default log level of the Cilium Agent - `info` + defaultLevel: ~ + # @schema # type: [null, integer] # @schema # -- Size of the Envoy access log buffer created within the agent in bytes. 
@@ -2168,6 +2336,10 @@ envoy: connectTimeoutSeconds: 2 # -- Time in seconds after which the initial fetch on an xDS stream is considered timed out initialFetchTimeoutSeconds: 30 + # -- Maximum number of concurrent retries on Envoy clusters + maxConcurrentRetries: 128 + # -- Maximum number of retries for each HTTP request + httpRetryCount: 3 # -- ProxyMaxRequestsPerConnection specifies the max_requests_per_connection setting for Envoy maxRequestsPerConnection: 0 # -- Set Envoy HTTP option max_connection_duration seconds. Default 0 (disable) @@ -2224,6 +2396,15 @@ envoy: maxUnavailable: 2 # -- Roll out cilium envoy pods automatically when configmap is updated. rollOutPods: false + # -- ADVANCED OPTION: Bring your own custom Envoy bootstrap ConfigMap. Provide the name of a ConfigMap with a `bootstrap-config.json` key. + # When specified, Envoy will use this ConfigMap instead of the default provided by the chart. + # WARNING: Use of this setting has the potential to prevent cilium-envoy from starting up, and can cause unexpected behavior (e.g. due to + # syntax error or semantically incorrect configuration). Before submitting an issue, please ensure you have disabled this feature, as support + # cannot be provided for custom Envoy bootstrap configs. + # @schema + # type: [null, string] + # @schema + bootstrapConfigMap: ~ # -- Annotations to be added to all top-level cilium-envoy objects (resources under templates/cilium-envoy) annotations: {} # -- Security Context for cilium-envoy pods. 
@@ -2411,12 +2592,42 @@ svcSourceRangeCheck: true synchronizeK8sNodes: true # -- Configure TLS configuration in the agent. tls: + # @schema + # type: [null, string] + # @schema # -- This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies # (namely the secrets referenced by terminatingTLS and originatingTLS). + # This value is DEPRECATED and will be removed in a future version. + # Use `tls.readSecretsOnlyFromSecretsNamespace` instead. # Possible values: # - local # - k8s - secretsBackend: local + secretsBackend: ~ + # @schema + # type: [null, boolean] + # @schema + # -- Configure if the Cilium Agent will only look in `tls.secretsNamespace` for + # CiliumNetworkPolicy relevant Secrets. + # If false, the Cilium Agent will be granted READ (GET/LIST/WATCH) access + # to _all_ secrets in the entire cluster. This is not recommended and is + # included for backwards compatibility. + # This value obsoletes `tls.secretsBackend`, with `true` == `local` in the old + # setting, and `false` == `k8s`. + readSecretsOnlyFromSecretsNamespace: ~ + # -- Configures where secrets used in CiliumNetworkPolicies will be looked for + secretsNamespace: + # -- Create secrets namespace for TLS Interception secrets. + create: true + # -- Name of TLS Interception secret namespace. + name: cilium-secrets + # -- Configures settings for synchronization of TLS Interception Secrets + secretSync: + # @schema + # type: [null, boolean] + # @schema + # -- Enable synchronization of Secrets for TLS Interception. If disabled and + # tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent. + enabled: ~ # -- Base64 encoded PEM values for the CA certificate and private key. # This can be used as common CA to generate certificates used by hubble and clustermesh components. # It is neither required nor used when cert-manager is used to generate the certificates. 
@@ -2635,6 +2846,7 @@ operator: # -- Enable prometheus metrics for cilium-operator on the configured port at # /metrics prometheus: + metricsService: false enabled: true port: 9963 serviceMonitor: @@ -3041,9 +3253,11 @@ clustermesh: # NodePort will be redirected to a local backend, regardless of whether the # destination node belongs to the local or the remote cluster. nodePort: 32379 - # -- Annotations for the clustermesh-apiserver - # For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal" - # For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # -- Annotations for the clustermesh-apiserver service. + # Example annotations to configure an internal load balancer on different cloud providers: + # * AKS: service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # * EKS: service.beta.kubernetes.io/aws-load-balancer-scheme: "internal" + # * GKE: networking.gke.io/load-balancer-type: "Internal" annotations: {} # @schema # enum: [Local, Cluster] @@ -3087,6 +3301,10 @@ clustermesh: # Allows to configure a specific loadBalancerIP on the clustermesh-apiserver # LB service in case the Service type is set to LoadBalancer. loadBalancerIP: ~ + # -- Configure loadBalancerSourceRanges. + # Allows to configure the source IP ranges allowed to access the + # clustermesh-apiserver LB service in case the Service type is set to LoadBalancer. + loadBalancerSourceRanges: [] # -- Number of replicas run for the clustermesh-apiserver deployment. replicas: 1 # -- lifecycle setting for the apiserver container 
@@ -3379,7 +3597,7 @@ dnsProxy: # -- Allow the DNS proxy to compress responses to endpoints that are larger than 512 Bytes or the EDNS0 option, if present. enableDnsCompression: true # -- Maximum number of IPs to maintain per FQDN name for each endpoint. - endpointMaxIpPerHostname: 50 + endpointMaxIpPerHostname: 1000 # -- Time during which idle but previously active connections with expired DNS lookups are still considered alive. idleConnectionGracePeriod: 0s # -- Maximum number of IPs to retain for expired DNS lookups with still-active connections. @@ -3401,6 +3619,8 @@ dnsProxy: sctp: # -- Enable SCTP support. NOTE: Currently, SCTP support does not support rewriting ports or multihoming. enabled: false +# -- Enable Non-Default-Deny policies +enableNonDefaultDenyPolicies: true # Configuration for types of authentication for Cilium (beta) authentication: # -- Enable authentication processing and garbage collection. @@ -3449,6 +3669,8 @@ authentication: pullPolicy: "${PULL_POLICY}" # SPIRE agent configuration agent: + # -- The priority class to use for the spire agent + priorityClassName: "" # -- SPIRE agent image image: # @schema @@ -3468,6 +3690,8 @@ authentication: annotations: {} # -- SPIRE agent labels labels: {} + # -- container resource limits & requests + resources: {} # -- SPIRE Workload Attestor kubelet verification. skipKubeletVerification: true # -- SPIRE agent tolerations configuration @@ -3500,6 +3724,8 @@ authentication: # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container securityContext: {} server: + # -- The priority class to use for the spire server + priorityClassName: "" # -- SPIRE server image image: # @schema @@ -3522,6 +3748,8 @@ authentication: # -- SPIRE server labels labels: {} # SPIRE server service configuration + # -- container resource limits & requests + resources: {} service: # -- Service type for the SPIRE server service type: ClusterIP 
@@ -3587,3 +3815,7 @@ authentication: agentSocketPath: /run/spire/sockets/agent/agent.sock # -- SPIRE connection timeout connectionTimeout: 30s +# -- Enable Internal Traffic Policy +enableInternalTrafficPolicy: true +# -- Enable LoadBalancer IP Address Management +enableLBIPAM: true diff --git a/packages/system/cilium/images/cilium/Dockerfile b/packages/system/cilium/images/cilium/Dockerfile index 4541770f..9ea72945 100644 --- a/packages/system/cilium/images/cilium/Dockerfile +++ b/packages/system/cilium/images/cilium/Dockerfile @@ -1,2 +1,2 @@ -ARG VERSION=v1.16.7 +ARG VERSION=v1.17.1 FROM quay.io/cilium/cilium:${VERSION} diff --git a/packages/system/cilium/values.yaml b/packages/system/cilium/values.yaml index 56ae36ae..d830c127 100644 --- a/packages/system/cilium/values.yaml +++ b/packages/system/cilium/values.yaml @@ -12,7 +12,7 @@ cilium: mode: "kubernetes" image: repository: ghcr.io/aenix-io/cozystack/cilium - tag: 1.16.7 - digest: "sha256:d2d6f5675aa30c18c4d9c08c27448173416cfb4a84080d5b9765fa1bdc9b4c70" + tag: latest + digest: "sha256:a731981fef38429551dabdbc347b0f9af66a9f935bcc861117d63bc6681b3ec0" envoy: enabled: false
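Review bot: `tag: latest` in the `packages/system/cilium/values.yaml` hunk replaces a version tag with a floating one, so the file no longer records which Cilium release the pinned `digest` belongs to. The digest only fixes the image if the chart renders it into the image reference. Whether `useDigest` is enabled for this image is not visible in the hunk, and without it the pull would follow whatever `latest` currently points to. Keeping the tag aligned with the Dockerfile's `ARG VERSION=v1.17.1`, e.g. `tag: "1.17.1"`, alongside the digest keeps the deployed version auditable from the values file alone.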