From 941c32d44af5040cc01d4b66d80eb5d432a2cfee Mon Sep 17 00:00:00 2001
From: charlychiu <charlychiu@gmail.com>
Date: Fri, 11 Aug 2023 21:55:45 +0800
Subject: [PATCH] fix: not mount tls when disable

---
 roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2 b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
index d9cc4973a92..6d2b9cb2277 100644
--- a/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
+++ b/roles/network_plugin/cilium/templates/hubble/deploy.yml.j2
@@ -56,9 +56,11 @@ spec:
           - mountPath: /etc/hubble-relay
             name: config
             readOnly: true
+          {% if cilium_hubble_tls_generate -%}
           - mountPath: /var/lib/hubble-relay/tls
             name: tls
             readOnly: true
+          {% endif %}
       restartPolicy: Always
       serviceAccount: hubble-relay
       serviceAccountName: hubble-relay
@@ -74,6 +76,7 @@ spec:
           path: /var/run/cilium
           type: Directory
         name: hubble-sock-dir
+      {% if cilium_hubble_tls_generate -%}
       - projected:
           sources:
           - secret:
@@ -93,6 +96,7 @@ spec:
                 - key: tls.key
                   path: server.key
         name: tls
+      {% endif %}
 ---
 # Source: cilium/templates/hubble-ui/deployment.yaml
 kind: Deployment