splunk
diff --git a/‎.github/workflows/helm-test-workflow.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/helm-test-workflow.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎config/debug/manager_auth_proxy_patch.yaml‎
Lines changed: 0 additions & 44 deletions b/‎config/debug/manager_auth_proxy_patch.yaml‎
Lines changed: 0 additions & 44 deletions
diff --git a/‎config/default/kustomization-cluster.yaml‎
Lines changed: 0 additions & 5 deletions b/‎config/default/kustomization-cluster.yaml‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎config/default/kustomization.yaml‎
Lines changed: 0 additions & 5 deletions b/‎config/default/kustomization.yaml‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎config/default/manager_auth_proxy_patch.yaml‎
Lines changed: 0 additions & 44 deletions b/‎config/default/manager_auth_proxy_patch.yaml‎
Lines changed: 0 additions & 44 deletions
diff --git a/‎config/rbac/auth_proxy_role.yaml‎
Lines changed: 0 additions & 17 deletions b/‎config/rbac/auth_proxy_role.yaml‎
Lines changed: 0 additions & 17 deletions
diff --git a/‎config/rbac/auth_proxy_service.yaml‎
Lines changed: 0 additions & 15 deletions b/‎config/rbac/auth_proxy_service.yaml‎
Lines changed: 0 additions & 15 deletions
diff --git a/‎config/rbac/kustomization-cluster.yaml‎
Lines changed: 0 additions & 7 deletions b/‎config/rbac/kustomization-cluster.yaml‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎config/rbac/kustomization.yaml‎
Lines changed: 4 additions & 7 deletions b/‎config/rbac/kustomization.yaml‎
Lines changed: 4 additions & 7 deletions
diff --git a/‎config/rbac/metrics_auth_proxy_role.yaml‎
Lines changed: 11 additions & 0 deletions b/‎config/rbac/metrics_auth_proxy_role.yaml‎
Lines changed: 11 additions & 0 deletions
@@ -4,6 +4,7 @@ on:
     branches:
       - develop
       - main
+      - bugfix/remove-rbac-bindings
       - feature**
 jobs:
   build-operator-image:
 
@@ -27,11 +27,6 @@ bases:
 #- ../prometheus
 
 patchesStrategicMerge:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
-
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
 #- manager_config_patch.yaml
 
@@ -27,11 +27,6 @@ bases:
 #- ../prometheus
 
 patchesStrategicMerge:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
-
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
 #- manager_config_patch.yaml
 
@@ -9,10 +9,3 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
-- auth_proxy_client_clusterrole.yaml
@@ -9,10 +9,7 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
-- auth_proxy_client_clusterrole.yaml
+- metrics_auth_proxy_role.yaml
+- metrics_auth_proxy_role_binding.yaml
+- metrics_reader_role.yaml
+- metrics_reader_role_binding.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-auth-proxy-role
+rules:
+- apiGroups: ["authentication.k8s.io"]
+  resources: ["tokenreviews"]
+  verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+  resources: ["subjectaccessreviews"]
+  verbs: ["create"]