Skip to content

Drop kube-rbac-proxy container usage in config #243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Apr 14, 2025
Merged

Drop kube-rbac-proxy container usage in config #243

merged 6 commits into from
Apr 14, 2025

Conversation

Rohit-0505
Copy link
Contributor

Overview

The PR removes the soon-to-be deprecated kube-rbac-proxy container dependency and replaces it with Controller-Runtime's built-in authn/authz for securing the metrics endpoint. This simplifies setup, enhances security, and follows the latest Kubebuilder best practices.

Key Changes

  • Modified the docker-build target to build multi-stage docker images, for ex: controller-manager and metalprobe docker images
  • Removed kube-rbac-proxy dependency.
  • Enabled Controller-Runtime's built-in authentication & authorization for metrics.
  • Enhanced cert-manager integration to secure metrics with TLS encryption.
  • Added e2e tests to validate the metrics endpoint

Fixes #209

Ref:
kubernetes-sigs/kubebuilder#3907
kubernetes-sigs/controller-runtime#2407
kubernetes-sigs/kubebuilder#4400
kubernetes-sigs/kubebuilder/docs/reference/metrics (v4.5.0)

@github-actions github-actions bot added size/XXL enhancement New feature or request labels Feb 19, 2025
@Rohit-0505 Rohit-0505 self-assigned this Feb 19, 2025
@Rohit-0505 Rohit-0505 marked this pull request as draft February 19, 2025 04:36
@lukas016 lukas016 force-pushed the osc/enh/replace-kube-rbac-proxy branch 11 times, most recently from 01146ca to 618a1fc Compare February 26, 2025 03:42
@Rohit-0505 Rohit-0505 marked this pull request as ready for review February 26, 2025 04:13
@lukas016 lukas016 force-pushed the osc/enh/replace-kube-rbac-proxy branch from 618a1fc to c520545 Compare April 3, 2025 11:59
@Rohit-0505 Rohit-0505 marked this pull request as draft April 3, 2025 12:28
@lukas016 lukas016 force-pushed the osc/enh/replace-kube-rbac-proxy branch from c520545 to 9be6bc9 Compare April 3, 2025 12:54
@lukas016 lukas016 force-pushed the osc/enh/replace-kube-rbac-proxy branch from b2ddaf7 to 75871b8 Compare April 3, 2025 13:44
@lukas016 lukas016 force-pushed the osc/enh/replace-kube-rbac-proxy branch from e925843 to e7dea9e Compare April 3, 2025 15:56
@Rohit-0505 Rohit-0505 marked this pull request as ready for review April 3, 2025 16:02
afritzler
afritzler requested changes Apr 4, 2025
View reviewed changes
Nuckal777
Nuckal777 reviewed Apr 8, 2025
View reviewed changes
Copy link
Contributor

@Nuckal777 Nuckal777 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. 👍

@opensovereigncloud-user opensovereigncloud-user force-pushed the osc/enh/replace-kube-rbac-proxy branch from 3d0990a to c552e93 Compare April 9, 2025 09:13
@Rohit-0505 Rohit-0505 marked this pull request as draft April 9, 2025 09:13
@opensovereigncloud-user opensovereigncloud-user force-pushed the osc/enh/replace-kube-rbac-proxy branch 2 times, most recently from c4b847c to 9804673 Compare April 9, 2025 09:47
@opensovereigncloud-user opensovereigncloud-user force-pushed the osc/enh/replace-kube-rbac-proxy branch 2 times, most recently from b3d86d5 to 1620c7d Compare April 9, 2025 12:08
@Rohit-0505 Rohit-0505 marked this pull request as ready for review April 9, 2025 12:25
@Rohit-0505 Rohit-0505 marked this pull request as draft April 9, 2025 13:03
@opensovereigncloud-user opensovereigncloud-user force-pushed the osc/enh/replace-kube-rbac-proxy branch from 1620c7d to a6052d1 Compare April 9, 2025 14:38
@Rohit-0505 Rohit-0505 marked this pull request as ready for review April 9, 2025 14:50
Nuckal777
Nuckal777 reviewed Apr 10, 2025
View reviewed changes
@opensovereigncloud-user opensovereigncloud-user force-pushed the osc/enh/replace-kube-rbac-proxy branch from f1ed0ed to d020b1e Compare April 11, 2025 06:52
@Rohit-0505 Rohit-0505 requested a review from Nuckal777 April 11, 2025 07:08
@afritzler afritzler changed the title Drop kube-rbac-proxy container and adopt controller-runtime native … Drop kube-rbac-proxy container Apr 14, 2025
@afritzler afritzler changed the title Drop kube-rbac-proxy container Drop kube-rbac-proxy container usage in config Apr 14, 2025
@afritzler afritzler merged commit 607e5db into ironcore-dev:main Apr 14, 2025
13 checks passed
@github-project-automation github-project-automation bot moved this to Done in Roadmap Apr 14, 2025
nagadeesh-nagaraja
nagadeesh-nagaraja reviewed Apr 14, 2025
View reviewed changes
@Rohit-0505 Rohit-0505 mentioned this pull request Apr 28, 2025
Merged
@afritzler afritzler mentioned this pull request Apr 28, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Nuckal777 Nuckal777 Nuckal777 approved these changes

@nagadeesh-nagaraja nagadeesh-nagaraja nagadeesh-nagaraja left review comments

@afritzler afritzler afritzler approved these changes

@damyan damyan Awaiting requested review from damyan

Assignees

@Rohit-0505 Rohit-0505

Labels
api-change area/metal-automation enhancement New feature or request size/XL
Projects
Roadmap
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Drop the usage of kube-rbac-proxy
5 participants
@Rohit-0505 @afritzler @Nuckal777 @nagadeesh-nagaraja @hardikdr