Merge pull request #993 from kubeshop/remove-rbac-proxy

feat: remove rbac proxy

Author: ypoplavs

charts/testkube-operator/templates/deployment.yaml

@@ -37,25 +37,12 @@ spec:
       priorityClassName: {{ .Values.priorityClassName }}
       {{- end }}
       containers:
-      - name: kube-rbac-proxy
-        args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --v=10
-        {{- toYaml .Values.args | nindent 8 }}
-        image: {{ include "global.images.image" (dict "imageRoot" .Values.proxy.image "global" .Values.global) }}
-        imagePullPolicy: {{ .Values.proxy.image.pullPolicy }}
-        {{- if .Values.proxy.resources }}
-        resources: {{ toYaml .Values.proxy.resources | nindent 10 }}
-        {{- end }}
-        ports:
-        - containerPort: 9443
-          name: https
-        securityContext: {{ include "testkube-operator.containerSecurityContext" . | nindent 10 }}
       - name: manager
         args:
         - --health-probe-bind-address=:{{ .Values.healthcheckPort }}
-        - --metrics-bind-address=127.0.0.1:8080
+        - --metrics-bind-address=:{{ .Values.metricsServerPort }}
+        - --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs
+        - --metrics-cert-path=/tmp/k8s-webhook-server/serving-certs
         - --leader-elect
         command:
         - /manager
@@ -75,7 +62,7 @@ spec:
         {{- if not .Values.webhook.enabled }}
         - name: ENABLE_WEBHOOKS
           value: "false"
-        {{- end }} 
+        {{- end }}
         {{- if .Values.useArgoCDSync }}
         - name: APISERVER_USE_ARGOCD_SYNC
           value: "true"
@@ -92,7 +79,7 @@ spec:
           value: "true"
         {{- end }}
         ports:
-        - containerPort: 9443
+        - containerPort: {{ .Values.webhookServerPort }}
           name: webhook-server
           protocol: TCP
         livenessProbe:

charts/testkube-operator/templates/service.yaml

@@ -18,7 +18,7 @@ metadata:
 spec:
   ports:
   - name: https
-    port: 8443
+    port: {{ .Values.metricsServerPort }}
     targetPort: https
   selector:
     control-plane: controller-manager
@@ -41,7 +41,7 @@ spec:
   ports:
   - port: 443
     protocol: TCP
-    targetPort: 9443
+    targetPort: {{ .Values.webhookServerPort }}
   selector:
     control-plane: controller-manager
 {{- end }}

charts/testkube-operator/templates/webhook-cert-create.yaml

@@ -111,4 +111,4 @@ spec:
       {{- toYaml .Values.global.nodeSelector | nindent 8 }}
       {{- end }}
   backoffLimit: 5
-{{- end }}
+{{- end }}

charts/testkube-operator/values.yaml

@@ -87,9 +87,13 @@ proxy:
 
 ## Testkube API full name
 apiFullname: "testkube-api-server"
-## Testkube API port
+# -- Testkube API port
 apiPort: 8088
-## Testkube Operator healthcheck port
+# -- Testkube Operator webhook server port
+webhookServerPort: 9443
+# -- Testkube Operator metrics server port
+metricsServerPort: 8443
+# -- Testkube Operator healthcheck port
 healthcheckPort: 8081
 # use ArgoCD sync owner references
 useArgoCDSync: false

charts/testkube/values.yaml

@@ -977,6 +977,10 @@ testkube-operator:
   apiFullname: "testkube-api-server"
   # -- Testkube API port
   apiPort: 8088
+  # -- Testkube Operator webhook server port
+  webhookServerPort: 9443
+  # -- Testkube Operator metrics server port
+  metricsServerPort: 8443
   # -- Testkube Operator healthcheck port
   healthcheckPort: 8081
   # -- Use ArgoCD sync owner references