Skip to content

Remove kube-rbac-proxy dependency & adopt controller-runtime native auth for metric #443

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
damyan merged 1 commit into from
May 12, 2025
Merged

Remove kube-rbac-proxy dependency & adopt controller-runtime native auth for metric #443

damyan merged 1 commit into from
May 12, 2025

Conversation

@sujeet01
Copy link
Contributor

@sujeet01 sujeet01 commented Apr 18, 2025
edited
Loading

What this PR does / why we need it:
This PR removes the soon-to-be deprecated kube-rbac-proxy dependency and replaces it with Controller-Runtime's built-in authentication and authorization for securing the metrics endpoint. This simplifies setup, enhances security, and follows the latest Kubebuilder best practices.

Key Changes

  • Removed kube-rbac-proxy dependency.
  • Enabled Controller-Runtime's built-in authentication & authorization for metrics.
  • Enhanced cert-manager integration to secure metrics with TLS encryption.
  • Added E2E test suite and workflow to validate the metrics endpoint.
  • Aligned configuration manifests with Kubebuilder best practices.

Which issue(s) this PR fixes:
Fixes #396

Special notes for your reviewer:
Ref: kubernetes-sigs/kubebuilder#3907

Release note:

Removed deprecated kube-rbac-proxy and secured metrics endpoint using Controller-Runtime's built-in authentication and authorization

@opensovereigncloud-user opensovereigncloud-user force-pushed the osc/enh/replace-kube-rbac-proxy branch from db53774 to 5e7c848 Compare April 24, 2025 16:17
@sujeet01 sujeet01 requested review from afritzler and damyan April 24, 2025 16:26
@sujeet01 sujeet01 marked this pull request as ready for review April 24, 2025 16:27
@sujeet01 sujeet01 self-assigned this Apr 24, 2025
@hardikdr hardikdr added this to Roadmap May 4, 2025
@hardikdr hardikdr added the area/metal-automation Automation processes within the Metal project. label May 5, 2025
@opensovereigncloud-user opensovereigncloud-user force-pushed the osc/enh/replace-kube-rbac-proxy branch from 5e7c848 to 6c87ebf Compare May 9, 2025 11:18
@opensovereigncloud-user opensovereigncloud-user force-pushed the osc/enh/replace-kube-rbac-proxy branch from 6c87ebf to 991eec8 Compare May 9, 2025 13:41
damyan
damyan approved these changes May 12, 2025
View reviewed changes
Copy link
Member

@damyan damyan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @sujeet01!

@damyan damyan merged commit 7eb5102 into ironcore-dev:main May 12, 2025
9 of 10 checks passed
@github-project-automation github-project-automation bot moved this to Done in Roadmap May 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@damyan damyan damyan approved these changes

@afritzler afritzler Awaiting requested review from afritzler

Assignees

@sujeet01 sujeet01

Labels

area/metal-automation Automation processes within the Metal project. size/XL

Projects

Roadmap
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Drop usage of kube-rbac-proxy

3 participants

@sujeet01 @damyan @hardikdr