Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove dependency on kube-rbac-proxy by adopting controller-runtime's native authn/authz for metrics #1226

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Remove dependency on kube-rbac-proxy by adopting controller-runtime's native authn/authz for metrics #1226

wants to merge 2 commits into from

Conversation

sujeet01
Copy link
Contributor

@sujeet01 sujeet01 commented Feb 3, 2025
edited
Loading

Overview

This PR removes the soon-to-be deprecated kube-rbac-proxy dependency and replaces it with Controller-Runtime's built-in authentication and authorization for securing the metrics endpoint. This simplifies setup, enhances security, and follows the latest Kubebuilder best practices.

Key Changes

  • Removed kube-rbac-proxy dependency.
  • Enabled Controller-Runtime's built-in authentication & authorization for metrics.
  • Enhanced cert-manager integration to secure metrics with TLS encryption.

Fixes #1203

Ref:
kubernetes-sigs/kubebuilder#3907
kubernetes-sigs/controller-runtime#2407
kubernetes-sigs/kubebuilder#4400
kubernetes-sigs/kubebuilder#4558
kubernetes-sigs/kubebuilder/docs/reference/metrics (v4.5.0)

@sujeet01 sujeet01 self-assigned this Feb 3, 2025
@github-actions github-actions bot added size/L enhancement New feature or request labels Feb 3, 2025
@lukas016 lukas016 force-pushed the osc/enh/replace-kube-rbac-proxy branch from 8ee3622 to cbe1faa Compare February 3, 2025 07:52
@lukas016 lukas016 force-pushed the osc/enh/replace-kube-rbac-proxy branch from cbe1faa to 2e4d763 Compare February 4, 2025 21:43
@github-actions github-actions bot added size/XL and removed size/L labels Feb 4, 2025
@lukas016 lukas016 force-pushed the osc/enh/replace-kube-rbac-proxy branch 4 times, most recently from aece9f2 to 3e5c218 Compare February 7, 2025 08:09
@sujeet01 sujeet01 marked this pull request as ready for review February 7, 2025 08:15
@sujeet01 sujeet01 requested a review from a team as a code owner February 7, 2025 08:15
@lukas016 lukas016 force-pushed the osc/enh/replace-kube-rbac-proxy branch 3 times, most recently from 5c3d7cf to 752cb0a Compare February 17, 2025 09:10
@lukas016 lukas016 force-pushed the osc/enh/replace-kube-rbac-proxy branch from 752cb0a to 2b5375c Compare February 19, 2025 08:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@sujeet01 sujeet01

Labels
enhancement New feature or request size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Drop the usage of kube-rbac-proxy
1 participant
@sujeet01