
chore: remove deprecated kube-rbac-proxy #185


Merged
merged 8 commits into from
Dec 9, 2024


arturshadnik
Member

Issue

Resolves #183

Description

kube-rbac-proxy, which was previously used to secure the metrics server, is being deprecated.

This PR:

  • removes all use of kube-rbac-proxy and switches to the new recommended method for securing the metrics server using the built-in WithAuthenticationAndAuthorization feature from Controller-Runtime
  • updates manifests and helm charts
  • small kustomize update in config/default/kustomization.yaml: patchesStrategicMerge is deprecated -> patches

@arturshadnik arturshadnik requested a review from a team as a code owner December 5, 2024 04:39
@dosubot dosubot bot added the size:XL This PR changes 500-999 lines, ignoring generated files. label Dec 5, 2024

codecov bot commented Dec 5, 2024

Codecov Report

Attention: Patch coverage is 0% with 49 lines in your changes missing coverage. Please review.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| cmd/main.go | 0.00% | 49 Missing ⚠️ |

@@            Coverage Diff             @@
##             main     #185      +/-   ##
==========================================
- Coverage   71.05%   64.25%   -6.81%     
==========================================
  Files           9        9              
  Lines         463      512      +49     
==========================================
  Hits          329      329              
- Misses        115      164      +49     
  Partials       19       19              

| Files with missing lines | Coverage Δ |
|---|---|
| cmd/main.go | 0.00% <0.00%> (ø) |


Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a788e6e...370499d. Read the comment docs.

Member

@mattwelke mattwelke left a comment


Reviewed together offline.

  • kube-rbac-proxy was doing auth for the metrics server.
  • controller-runtime authors make auth code available and kubebuilder authors used it instead of the proxy.
  • PR follows approach recommended by kubebuilder authors to add flags to main.go etc to control metrics, with metrics defaulting to enabled on port 8443 (helm chart default behavior).
  • Found that the DevSpace config doesn't have the flag to start the metrics server, which means it defaults to being disabled (main.go default behavior), but that's fine because we don't need metrics in DevSpace local dev.
  • Found that the Service associated with reading metrics is always created, even when metrics are disabled (because we have no if in the Helm chart for it). We think this is fine for now. The extra service doesn't cause any trouble.
  • Manual testing was performed to test that metrics can be retrieved at that port. But we had to add a new ClusterRoleBinding to do it. We asked for clarification about it on 🚨 Action Required: Ensure that you no longer use gcr.io/kubebuilder images kubernetes-sigs/kubebuilder#3907 (comment).

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Dec 9, 2024
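
The review above notes that reading metrics required a new ClusterRoleBinding. As an added illustration (not taken from this PR or the project's manifests), this is the kind of RBAC that controller-runtime's WithAuthenticationAndAuthorization filter depends on; every name and namespace below is a hypothetical placeholder.

```yaml
# Added example; all names and namespaces are hypothetical placeholders.
# 1) The controller's own ServiceAccount must be allowed to ask the API server
#    to validate bearer tokens (TokenReview) and to evaluate access
#    (SubjectAccessReview) for requests that reach its metrics endpoint.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-metrics-auth-role
rules:
  - apiGroups: ["authentication.k8s.io"]
    resources: ["tokenreviews"]
    verbs: ["create"]
  - apiGroups: ["authorization.k8s.io"]
    resources: ["subjectaccessreviews"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-metrics-auth-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: example-metrics-auth-role
subjects:
  - kind: ServiceAccount
    name: example-controller-manager   # hypothetical controller ServiceAccount
    namespace: example-system
---
# 2) The client that scrapes metrics needs "get" on the /metrics non-resource
#    URL. Non-resource URLs can only be granted cluster-wide, so this has to be
#    a ClusterRole bound with a ClusterRoleBinding, not a namespaced RoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-metrics-reader
rules:
  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-metrics-reader-binding
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: example-metrics-reader}
subjects:
  - kind: ServiceAccount
    name: example-scraper               # hypothetical scraping identity
    namespace: example-monitoring
```

Without the second binding, a scraper presenting a valid ServiceAccount token is authenticated but rejected at the authorization step. Binding the reader role to a single named ServiceAccount keeps access to the metrics endpoint least-privilege.
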
@TylerGillson
Member

@arturshadnik great work. Please create an epic to mandate cert-manager for validator and all plugins.

@TylerGillson TylerGillson merged commit ccd09f7 into main Dec 9, 2024
7 of 8 checks passed
@TylerGillson TylerGillson deleted the chore/replace-kube-rbac-proxy branch December 9, 2024 17:45
TylerGillson pushed a commit that referenced this pull request Dec 10, 2024
## Description
This PR re-scaffolds the project using `kubebuilder alpha generate`.
This is a follow-up to #185.
- Updates a few things that were missed in the last PR wrt. metrics
service
- Initialize e2e tests. For now, we are only testing basic
functionality. The tests should be expanded to cover validator-specific
use-cases.

---------

Signed-off-by: Artur Shad Nik <[email protected]>
arturshadnik pushed a commit that referenced this pull request Dec 11, 2024
🤖 I have created a release *beep* *boop*
---


## [0.0.13](v0.0.12...v0.0.13) (2024-12-11)


### Other

* make reviewable
([#162](#162))
([1adb7a3](1adb7a3))
* make reviewable
([#165](#165))
([806549b](806549b))
* remove deprecated kube-rbac-proxy
([#185](#185))
([ccd09f7](ccd09f7))
* update renovate.json
([68ba4e3](68ba4e3))
* Update renovate.json
([4cabcf3](4cabcf3))


### Dependency Updates

* **deps:** update all non-major dependencies
([#168](#168))
([b8bab52](b8bab52))
* **deps:** update all non-major dependencies
([#173](#173))
([9f10771](9f10771))
* **deps:** update all non-major dependencies
([#184](#184))
([e7e9f54](e7e9f54))
* **deps:** update build digest to 3463b98
([#170](#170))
([eb22d66](eb22d66))
* **deps:** update build digest to 3840c9d
([#171](#171))
([df3828a](df3828a))
* **deps:** update build digest to 5ffe724
([#174](#174))
([09ba18e](09ba18e))
* **deps:** update build digest to 713df39
([#172](#172))
([06ae53d](06ae53d))
* **deps:** update build digest to a46a554
([#177](#177))
([59be487](59be487))
* **deps:** update build digest to c847351
([#187](#187))
([91e1062](91e1062))
* **deps:** update build digest to d0ef938
([#181](#181))
([c6f079a](c6f079a))
* **deps:** update build digest to db64f63
([#169](#169))
([1e1aa64](1e1aa64))
* **deps:** update build digest to dd09b58
([#176](#176))
([cca4036](cca4036))
* **deps:** update build digest to de3e944
([#186](#186))
([8c5c68f](8c5c68f))
* **deps:** update kubernetes packages to v0.31.1
([a78b991](a78b991))
* **deps:** update kubernetes packages to v0.31.2
([5aac110](5aac110))
* **deps:** update module github.com/onsi/ginkgo/v2 to v2.20.2
([cee1ee7](cee1ee7))
* **deps:** update module github.com/onsi/ginkgo/v2 to v2.21.0
([a9b33e5](a9b33e5))
* **deps:** update module github.com/onsi/gomega to v1.34.2
([0e24959](0e24959))
* **deps:** update module github.com/onsi/gomega to v1.35.0
([75797b3](75797b3))
* **deps:** update module github.com/onsi/gomega to v1.36.0
([#180](#180))
([f68ff11](f68ff11))
* **deps:** update module github.com/onsi/gomega to v1.36.1
([#188](#188))
([c83531a](c83531a))
* **deps:** update module github.com/stretchr/testify to v1.10.0
([#179](#179))
([bfcbd67](bfcbd67))
* **deps:** update module github.com/validator-labs/validator to v0.1.10
([fae822d](fae822d))
* **deps:** update module github.com/validator-labs/validator to v0.1.12
([#159](#159))
([520dd0c](520dd0c))
* **deps:** update module github.com/validator-labs/validator to v0.1.13
([#178](#178))
([8b7f232](8b7f232))
* **deps:** update module github.com/validator-labs/validator to v0.1.14
([#182](#182))
([a788e6e](a788e6e))
* **deps:** update module github.com/validator-labs/validator to v0.1.9
([0fe0303](0fe0303))
* **deps:** update module sigs.k8s.io/cluster-api to v1.8.2
([de0dc2f](de0dc2f))
* **deps:** update module sigs.k8s.io/cluster-api to v1.8.4
([ef21e50](ef21e50))
* **deps:** update module sigs.k8s.io/cluster-api to v1.9.0
([#190](#190))
([fbbdb62](fbbdb62))
* **deps:** update module sigs.k8s.io/controller-runtime to v0.19.1
([df05e59](df05e59))
* **deps:** update module sigs.k8s.io/controller-runtime to v0.19.2
([#175](#175))
([776c853](776c853))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Successfully merging this pull request may close these issues.

⚠️ Action Required: Replace Deprecated gcr.io/kubebuilder/kube-rbac-proxy