Merge pull request #472 from gianlucam76/remove-rbac-proxy

gianlucam76 · web-flow · commit 6377fc05e38c · 2024-02-27T05:15:32.000+01:00
Update drift-detection-manager post rbac proxy removal
diff --git a/Makefile b/Makefile
@@ -25,7 +25,7 @@ ARCH ?= amd64
 OS ?= $(shell uname -s | tr A-Z a-z)
 K8S_LATEST_VER ?= $(shell curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)
 export CONTROLLER_IMG ?= $(REGISTRY)/$(IMAGE_NAME)
-TAG ?= v0.24.0
+TAG ?= dev
 
 .PHONY: all
 all: build
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -15,4 +15,4 @@ spec:
         - "--report-mode=0"
         - --shard-key=
         - "--v=5"
-        - "--version=v0.24.0"
+        - "--version=dev"
diff --git a/config/default/manager_image_patch.yaml b/config/default/manager_image_patch.yaml
@@ -8,5 +8,5 @@ spec:
     spec:
       containers:
       # Change the value of image field below to your controller image URL
-      - image: projectsveltos/addon-controller-amd64:v0.24.0
+      - image: projectsveltos/addon-controller-amd64:dev
         name: controller
diff --git a/manifest/deployment-shard.yaml b/manifest/deployment-shard.yaml
@@ -23,10 +23,10 @@ spec:
         - --report-mode=0
         - --shard-key={{.SHARD}}
         - --v=5
-        - --version=v0.24.0
+        - --version=dev
         command:
         - /manager
-        image: projectsveltos/addon-controller-amd64:v0.24.0
+        image: projectsveltos/addon-controller-amd64:dev
         livenessProbe:
           failureThreshold: 3
           httpGet:
diff --git a/manifest/manifest.yaml b/manifest/manifest.yaml
@@ -3350,10 +3350,10 @@ spec:
         - --report-mode=0
         - --shard-key=
         - --v=5
-        - --version=v0.24.0
+        - --version=dev
         command:
         - /manager
-        image: projectsveltos/addon-controller-amd64:v0.24.0
+        image: projectsveltos/addon-controller-amd64:dev
         livenessProbe:
           failureThreshold: 3
           httpGet:
diff --git a/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go b/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go
@@ -16,23 +16,7 @@ limitations under the License.
 */
 package driftdetection
 
-var driftDetectionInMgmtClusterYAML = []byte(`apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    control-plane: $NAME
-  name: $NAME-metrics-service
-  namespace: projectsveltos
-spec:
-  ports:
-  - name: https
-    port: 8443
-    protocol: TCP
-    targetPort: https
-  selector:
-    control-plane: $NAME
----
-apiVersion: apps/v1
+var driftDetectionInMgmtClusterYAML = []byte(`apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
@@ -63,7 +47,7 @@ spec:
         - --run-mode=do-not-send-updates
         command:
         - /manager
-        image: projectsveltos/drift-detection-manager-amd64:v0.24.0
+        image: projectsveltos/drift-detection-manager-amd64:dev
         livenessProbe:
           httpGet:
             path: /healthz
@@ -89,29 +73,6 @@ spec:
           capabilities:
             drop:
             - ALL
-      - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --logtostderr=true
-        - --v=0
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.12.0
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
-          protocol: TCP
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 5m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
       securityContext:
         runAsNonRoot: true
       serviceAccountName: drift-detection-manager
diff --git a/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml b/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml
@@ -1,19 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    control-plane: $NAME
-  name: $NAME-metrics-service
-  namespace: projectsveltos
-spec:
-  ports:
-  - name: https
-    port: 8443
-    protocol: TCP
-    targetPort: https
-  selector:
-    control-plane: $NAME
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -45,7 +29,7 @@ spec:
         - --run-mode=do-not-send-updates
         command:
         - /manager
-        image: projectsveltos/drift-detection-manager-amd64:v0.24.0
+        image: projectsveltos/drift-detection-manager-amd64:dev
         livenessProbe:
           httpGet:
             path: /healthz
@@ -71,29 +55,6 @@ spec:
           capabilities:
             drop:
             - ALL
-      - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --logtostderr=true
-        - --v=0
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.12.0
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
-          protocol: TCP
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 5m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
       securityContext:
         runAsNonRoot: true
       serviceAccountName: drift-detection-manager
diff --git a/pkg/drift-detection/drift-detection-manager.go b/pkg/drift-detection/drift-detection-manager.go
@@ -40,6 +40,18 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
 - apiGroups:
   - lib.projectsveltos.io
   resources:
@@ -76,34 +88,6 @@ rules:
   - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: drift-detection-metrics-reader
-rules:
-- nonResourceURLs:
-  - /metrics
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: drift-detection-proxy-role
-rules:
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
----
-apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: drift-detection-manager-rolebinding
@@ -116,35 +100,6 @@ subjects:
   name: drift-detection-manager
   namespace: projectsveltos
 ---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: drift-detection-proxy-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: drift-detection-proxy-role
-subjects:
-- kind: ServiceAccount
-  name: drift-detection-manager
-  namespace: projectsveltos
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    control-plane: drift-detection-manager
-  name: drift-detection-manager-metrics-service
-  namespace: projectsveltos
-spec:
-  ports:
-  - name: https
-    port: 8443
-    protocol: TCP
-    targetPort: https
-  selector:
-    control-plane: drift-detection-manager
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -166,8 +121,7 @@ spec:
     spec:
       containers:
       - args:
-        - --health-probe-bind-address=:8081
-        - --metrics-bind-address=127.0.0.1:8080
+        - --diagnostics-address=:8443
         - --v=5
         - --cluster-namespace=
         - --cluster-name=
@@ -176,18 +130,29 @@ spec:
         - --run-mode=do-not-send-updates
         command:
         - /manager
-        image: projectsveltos/drift-detection-manager-amd64:v0.24.0
+        image: projectsveltos/drift-detection-manager-amd64:dev
         livenessProbe:
+          failureThreshold: 3
           httpGet:
             path: /healthz
-            port: 8081
+            port: healthz
+            scheme: HTTP
           initialDelaySeconds: 15
           periodSeconds: 20
         name: manager
+        ports:
+        - containerPort: 8443
+          name: metrics
+          protocol: TCP
+        - containerPort: 9440
+          name: healthz
+          protocol: TCP
         readinessProbe:
+          failureThreshold: 3
           httpGet:
             path: /readyz
-            port: 8081
+            port: healthz
+            scheme: HTTP
           initialDelaySeconds: 5
           periodSeconds: 10
         resources:
@@ -202,29 +167,6 @@ spec:
           capabilities:
             drop:
             - ALL
-      - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --logtostderr=true
-        - --v=0
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.12.0
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
-          protocol: TCP
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 5m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
       securityContext:
         runAsNonRoot: true
       serviceAccountName: drift-detection-manager
diff --git a/pkg/drift-detection/drift-detection-manager.yaml b/pkg/drift-detection/drift-detection-manager.yaml
