# Exposes the Hubble UI hostname through the shared gateway, but sends every
# request to oauth2-proxy instead of to hubble-ui directly.
# oauth2-proxy must be configured with --upstream=http://hubble-ui:80
# so that it proxies authenticated requests to hubble-ui.
#
# NOTE(review): this route only enforces authentication for traffic that
# enters via the gateway. Nothing in this file restricts ingress to the
# hubble-ui pods or Service themselves, so confirm that a separate policy
# limits hubble-ui to accepting connections from oauth2-proxy only.
# NOTE(review): who may sign in is decided by oauth2-proxy's own
# configuration, which is not shown here; confirm it is restricted to the
# intended users or groups.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: hubble-ui
  namespace: kube-system
spec:
  parentRefs:
    # Attach to one named listener of the shared gateway only.
    # NOTE(review): the listener name suggests HTTPS; verify on the Gateway.
    - name: shared-gateway
      namespace: kube-system
      sectionName: https-hel1
  hostnames:
    - hubble.hel1.oceanbox.io
  rules:
    # A "/" prefix match covers every path on this hostname, so no path
    # bypasses the proxy via this route.
    - matches:
        - path:
            type: PathPrefix
            value: "/"
      backendRefs:
        # NOTE(review): port 80 together with the http:// upstream above
        # suggests plaintext HTTP on the gateway -> proxy -> hubble-ui hops;
        # confirm in-cluster traffic is protected by other means if needed.
        - name: oauth2-proxy
          port: 80
---
# Ingress allow-list for the oauth2-proxy pods in kube-system.
#
# NOTE(review): despite the name, the endpointSelector below selects
# oauth2-proxy, not hubble-ui. hubble-ui pods are not covered by this
# policy; confirm they have their own ingress policy.
# NOTE(review): neither ingress rule has a toPorts section, so the listed
# sources are allowed on every port and protocol of the selected pods.
# Consider limiting them to the port oauth2-proxy actually listens on.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-gateway-to-hubble-ui
  namespace: kube-system
spec:
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: oauth2-proxy
  ingress:
    # Rule 1: sources identified by IP range. The first three entries are
    # the RFC 1918 private ranges, which is a broad allowance.
    # NOTE(review): if the gateway's real source range is known, narrow
    # these entries to it. Also verify how Cilium applies CIDR rules to
    # traffic from Cilium-managed endpoints and cluster nodes in this
    # deployment.
    - fromCIDRSet:
        - cidr: 10.0.0.0/8
        - cidr: 172.16.0.0/12
        - cidr: 192.168.0.0/16
        # NOTE(review): /12 covers 100.64.0.0-100.79.255.255 only, while the
        # RFC 6598 shared address space is 100.64.0.0/10. Confirm which
        # range is intended.
        - cidr: 100.64.0.0/12
    # Rule 2: any pod in the kube-system namespace, not only the gateway.
    # NOTE(review): consider also matching the gateway pods' own labels so
    # other kube-system workloads are not implicitly allowed.
    - fromEndpoints:
        - matchLabels:
            "k8s:io.kubernetes.pod.namespace": kube-system