From db2bc926df39424c276b4ca27e5075f2d98b55d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Larivi=C3=A8re?= Date: Thu, 28 May 2026 17:01:35 -0400 Subject: [PATCH 1/2] feat(chart): Add grpcRoute support for hubble-relay --- .../templates/hubble-relay/grpcroute.yaml | 39 +++++++++++++++++++ .../templates/hubble-relay/service.yaml | 4 ++ .../controller/helm/retina/values.yaml | 18 +++++++++ 3 files changed, 61 insertions(+) create mode 100644 deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/grpcroute.yaml diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/grpcroute.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/grpcroute.yaml new file mode 100644 index 0000000000..3400605c40 --- /dev/null +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/grpcroute.yaml @@ -0,0 +1,39 @@ +{{- if and (or .Values.hubble.enabled .Values.hubble.relay.standalone.enabled) .Values.hubble.relay.enabled .Values.hubble.relay.grpcRoute.enabled }} +{{- $port := .Values.hubble.relay.grpcRoute.port | default .Values.hubble.relay.servicePort | default (.Values.hubble.relay.tls.server.enabled | ternary 443 80) -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: GRPCRoute +metadata: + name: hubble-relay + namespace: {{ .Values.namespace }} + labels: + k8s-app: hubble-relay + app.kubernetes.io/name: hubble-relay + app.kubernetes.io/part-of: cilium + {{- with .Values.hubble.relay.grpcRoute.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.hubble.relay.grpcRoute.annotations .Values.hubble.relay.annotations }} + annotations: + {{- with .Values.hubble.relay.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.hubble.relay.grpcRoute.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + {{- if .Values.hubble.relay.grpcRoute.parentRefs }} + parentRefs: + {{- toYaml .Values.hubble.relay.grpcRoute.parentRefs | nindent 4 }} + {{- end }} + {{- if .Values.hubble.relay.grpcRoute.hostnames }} + hostnames: + {{- range .Values.hubble.relay.grpcRoute.hostnames }} + - {{ tpl . $ | quote }} + {{- end }} + {{- end }} + rules: + - backendRefs: + - name: hubble-relay + port: {{ $port }} +{{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/service.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/service.yaml index cb82b4b97d..43e57ca185 100644 --- a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/service.yaml +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-relay/service.yaml @@ -21,6 +21,7 @@ spec: k8s-app: hubble-relay ports: - protocol: TCP + name: grpc {{- if .Values.hubble.relay.servicePort }} port: {{ .Values.hubble.relay.servicePort }} {{- else }} @@ -30,4 +31,7 @@ spec: {{- if and (eq "NodePort" .Values.hubble.relay.service.type) .Values.hubble.relay.service.nodePort }} nodePort: {{ .Values.hubble.relay.service.nodePort }} {{- end }} + {{- with .Values.hubble.relay.service.appProtocol }} + appProtocol: {{ . }} + {{- end }} {{- end }} diff --git a/deploy/hubble/manifests/controller/helm/retina/values.yaml b/deploy/hubble/manifests/controller/helm/retina/values.yaml index d7258dac61..6e2be8dfed 100644 --- a/deploy/hubble/manifests/controller/helm/retina/values.yaml +++ b/deploy/hubble/manifests/controller/helm/retina/values.yaml @@ -532,6 +532,24 @@ hubble: # by being built into the Service API and offering more predictable routing behavior. # See https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution trafficDistribution: "" + appProtocol: "grpc" + + # -- hubble-relay GRPCRoute configuration (Gateway API). + # Requires Kubernetes 1.26+ or Gateway API CRDs to be pre-installed. + grpcRoute: + enabled: false + annotations: {} + labels: {} + # -- Parent Gateways that this route is attached to. + parentRefs: + - name: example-gateway + namespace: default + sectionName: example-listener + # -- Hostnames for this GRPCRoute. + hostnames: + - chart-example.local + # -- Backend port number. Defaults to the service port (80 for plain, 443 for TLS). + port: ~ # -- Host to listen to. Specify an empty string to bind to all the interfaces. listenHost: "" From 22c603ace8eb5ba6fb66bb40c329af4992add0a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Larivi=C3=A8re?= Date: Fri, 29 May 2026 15:46:40 -0400 Subject: [PATCH 2/2] fix: Add tpl to httproute hostnames --- .../controller/helm/retina/templates/hubble-ui/httproute.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/httproute.yaml b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/httproute.yaml index 28899ca991..6e57d7d202 100644 --- a/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/httproute.yaml +++ b/deploy/hubble/manifests/controller/helm/retina/templates/hubble-ui/httproute.yaml @@ -30,7 +30,7 @@ spec: {{- if .Values.hubble.ui.httpRoute.hostnames }} hostnames: {{- range .Values.hubble.ui.httpRoute.hostnames }} - - {{ . }} + - {{ tpl (. | toString) $ }} {{- end }} {{- end }} rules: