cilium-cli

Connectivity tests: Support Hubble relay with enabled TLS

Open PhilipSchmid opened this issue 8 months ago • 0 comments

Proposal / RFE

Is your feature request related to a problem?

Cilium connectivity tests with enabled Hubble flow validation (cilium connectivity test --hubble, --hubble is enabled by default) do not work in case Hubble relay uses TLS. E.g., something like this:

hubble:
  enabled: true
  tls:
    enabled: true
    auto:
      enabled: true
      method: certmanager
      certManagerIssuerRef:
        group: cert-manager.io
        kind: Issuer
        name: cilium
  relay:
    enabled: true
    tls:
      server:
        enabled: true

This results in an error in case nothing is explicitly specified (cilium connectivity test):

⚠️  Unable to contact Hubble Relay, disabling Hubble telescope and flow validation: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: EOF"

... and in a different error when --hubble-server tls://localhost:4245 is added:

⚠️ Unable to contact Hubble Relay, disabling Hubble telescope and flow validation: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial tcp: address tls://localhost:4245: too many colons in address"

However, using Hubble CLI with the right parameters works just fine:

$ kubectl -n kube-system port-forward svc/hubble-relay 4245:443 &
$ hubble --server tls://localhost:4245 --tls-ca-cert-files=(pwd)/cilium-ca.crt --tls-server-name "*.hubble-relay.cilium.io" status
Healthcheck (via localhost:4245): Ok
Current/Max Flows: 32,760/32,760 (100.00%)
Flows/s: 474.71
Connected Nodes: 8/8

Describe the solution you'd like

We need not only general "Hubble relay with enabled TLS" support for Cilium's connectivity tests but also configuration options similar to those we have with the Hubble CLI: tls-ca-cert-files and tls-server-name.

Workaround until this is implemented: --hubble=false

PhilipSchmid, Oct 20 '23 13:10
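The two failure modes reported above, and the role of the two options requested, shown as an added Go sketch that is not code from cilium-cli or the Hubble CLI. The helper names `parseTarget` and `relayTLSConfig` are hypothetical, and only the standard library is used.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"strings"
)

// parseTarget (hypothetical helper) strips an optional "tls://" scheme from a
// Hubble-style server flag and validates the remaining host:port.
func parseTarget(server string) (addr string, useTLS bool, err error) {
	addr = server
	if strings.HasPrefix(server, "tls://") {
		addr, useTLS = strings.TrimPrefix(server, "tls://"), true
	}
	if _, _, err = net.SplitHostPort(addr); err != nil {
		return "", false, err
	}
	return addr, useTLS, nil
}

// relayTLSConfig (hypothetical helper) trusts only the supplied CA bundle and
// checks the relay certificate against serverName rather than the dialed
// host, which is "localhost" behind a port-forward.
func relayTLSConfig(caPEM []byte, serverName string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificate found in PEM input")
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

func main() {
	// Handing the raw flag value to a dialer gives the second error in the report.
	_, _, err := net.SplitHostPort("tls://localhost:4245")
	fmt.Println("raw flag value:", err)

	addr, useTLS, err := parseTarget("tls://localhost:4245")
	fmt.Println("parsed:", addr, useTLS, err)

	// Empty input stands in for a missing or unreadable CA file (constructed case).
	_, err = relayTLSConfig(nil, "*.hubble-relay.cilium.io")
	fmt.Println("CA check:", err)
}
```

Failing closed when the CA bundle is empty keeps the client from silently falling back to the system trust store or to an unverified connection.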