Revision 57ac3d6ea3e6dd1c47c73d02cd307879ceb9403c authored by Alexandre Perrin on 14 January 2021, 13:13:22 UTC, committed by Alexandre Perrin on 19 April 2021, 07:21:31 UTC
In order to debug Relay to Hubble connectivity issues, it is sometimes
useful to have a Pod running with the Hubble CLI.
Because the Relay image is based on a scratch image, kubectl exec'ing
into it is not possible. While the Hubble CLI can be found in the Cilium
Pods, the Relay certificate needed to establish the mTLS handshake to
the Hubble server is not mounted into the Cilium Pods.
This commit introduce a new hubble-cli.yaml file. When debugging Relay
mTLS issues, it can be used to quickly run a hubble-cli Pod:
kubectl create -f /path/to/hubble-cli.yaml
Since the Relay mTLS certificates are mounted into the hubble-cli Pod,
one can connect to a Hubble server given it's IP address:
kubectl exec -it -n kube-system hubble-cli -- \
hubble observe --server tls://${IP?}:4244 \
--tls-server-name worker0.default.hubble-grpc.cilium.io \
--tls-ca-cert-files /var/lib/hubble-relay/tls/hubble-server-ca.crt \
--tls-client-cert-file /var/lib/hubble-relay/tls/client.crt \
--tls-client-key-file /var/lib/hubble-relay/tls/client.key
Signed-off-by: Alexandre Perrin <alex@kaworu.ch>
1 parent 3b5b8dc
| File | Mode | Size |
|---|---|---|
| .github | ||
| .travis | ||
| Documentation | ||
| api | ||
| bpf | ||
| bugtool | ||
| cilium | ||
| cilium-health | ||
| clustermesh-apiserver | ||
| contrib | ||
| daemon | ||
| envoy | ||
| examples | ||
| hack | ||
| hubble-relay | ||
| images | ||
| install | ||
| jenkinsfiles | ||
| operator | ||
| pkg | ||
| plugins | ||
| proxylib | ||
| test | ||
| tests | ||
| tools | ||
| vendor | ||
| .authors.aux | -rw-r--r-- | 416 bytes |
| .gitattributes | -rw-r--r-- | 187 bytes |
| .gitignore | -rw-r--r-- | 1.5 KB |
| .gitmodules | -rw-r--r-- | 0 bytes |
| .golangci.yaml | -rw-r--r-- | 3.3 KB |
| .mailmap | -rw-r--r-- | 2.6 KB |
| .travis.yml | -rw-r--r-- | 1.1 KB |
| AUTHORS | -rw-r--r-- | 17.3 KB |
| CODEOWNERS | -rw-r--r-- | 12.2 KB |
| CODE_OF_CONDUCT.md | -rw-r--r-- | 2.2 KB |
| CONTRIBUTING.md | -rw-r--r-- | 227 bytes |
| FURTHER_READINGS.rst | -rw-r--r-- | 4.9 KB |
| GO_VERSION | -rw-r--r-- | 7 bytes |
| LICENSE | -rw-r--r-- | 11.1 KB |
| MAINTAINERS.md | -rw-r--r-- | 3.6 KB |
| Makefile | -rw-r--r-- | 28.2 KB |
| Makefile.defs | -rw-r--r-- | 5.7 KB |
| Makefile.docker | -rw-r--r-- | 6.1 KB |
| Makefile.quiet | -rw-r--r-- | 718 bytes |
| README.rst | -rw-r--r-- | 14.7 KB |
| SECURITY.md | -rw-r--r-- | 615 bytes |
| USERS.md | -rw-r--r-- | 6.8 KB |
| VERSION | -rw-r--r-- | 7 bytes |
| Vagrantfile | -rw-r--r-- | 12.8 KB |
| go.mod | -rw-r--r-- | 5.4 KB |
| go.sum | -rw-r--r-- | 136.5 KB |
| netlify.toml | -rw-r--r-- | 92 bytes |
| vagrant_box_defaults.rb | -rw-r--r-- | 330 bytes |
Computing file changes ...
