Skip to content

Commit 99580a2

Browse files
freeznetfreeznet
committed
remove kube-rbac-proxy
1 parent 7a9d4f9 commit 99580a2

File tree

4 files changed

+23
-28
lines changed

4 files changed

+23
-28
lines changed

config/default/manager_auth_proxy_patch.yaml

Lines changed: 5 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -9,25 +9,12 @@ spec:
99
template:
1010
spec:
1111
containers:
12-
- name: kube-rbac-proxy
13-
image: docker.cloudsmith.io/streamnative/mirrors/gcr.io/kubebuilder/kube-rbac-proxy@sha256:67ecb332573384515406ebd71816781366b70adb0eb66345e5980e92603373e1
14-
args:
15-
- "--secure-listen-address=0.0.0.0:8443"
16-
- "--upstream=http://127.0.0.1:8080/"
17-
- "--logtostderr=true"
18-
- "--v=10"
19-
ports:
20-
- containerPort: 8443
21-
name: https
22-
resources:
23-
limits:
24-
cpu: 500m
25-
memory: 500Mi
26-
requests:
27-
cpu: 100m
28-
memory: 20Mi
2912
- name: manager
3013
args:
31-
- "--metrics-addr=127.0.0.1:8080"
14+
- "--metrics-addr=0.0.0.0:8443"
3215
- "--enable-leader-election"
3316
- "--namespaced-backend-config=backend-config"
17+
ports:
18+
- containerPort: 8443
19+
name: metrics
20+
protocol: TCP

config/manifests/bases/function-mesh.clusterserviceversion.yaml

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ metadata:
55
alm-examples: '[]'
66
capabilities: Full Lifecycle
77
categories: Streaming & Messaging
8-
containerImage: streamnative/function-mesh-operator:v0.0.0
8+
containerImage: docker-proxy.streamnative.io/streamnative/function-mesh-operator:v0.0.0
99
description: The Function Mesh Operator manages the Pulsar Functions and Connectors
1010
deployed on a Kubernetes cluster.
1111
operatorhub.io/ui-metadata-max-k8s-version: "1.26"
@@ -77,8 +77,6 @@ spec:
7777
name: StreamNative
7878
url: https://streamnative.io
7979
relatedImages:
80-
- image: streamnative/function-mesh-operator:v0.0.0
80+
- image: docker-proxy.streamnative.io/streamnative/function-mesh-operator:v0.0.0
8181
name: function-mesh
82-
- image: docker.cloudsmith.io/streamnative/mirrors/gcr.io/kubebuilder/kube-rbac-proxy@sha256:67ecb332573384515406ebd71816781366b70adb0eb66345e5980e92603373e1
83-
name: kube-rbac-proxy
8482
version: 0.0.0

hack/postprocess-bundle.sh

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,6 @@ yq eval -i '.annotations."com.redhat.openshift.versions" headComment = "Certifie
3737
# Add relatedImages
3838
yq -i '.spec.relatedImages = []' bundle/manifests/function-mesh.clusterserviceversion.yaml
3939
yq -i '.spec.relatedImages += {"name": "function-mesh", "image": ""}' bundle/manifests/function-mesh.clusterserviceversion.yaml
40-
yq -i '.spec.relatedImages += {"name": "kube-rbac-proxy", "image": "docker.cloudsmith.io/streamnative/mirrors/gcr.io/kubebuilder/kube-rbac-proxy@sha256:67ecb332573384515406ebd71816781366b70adb0eb66345e5980e92603373e1"}' bundle/manifests/function-mesh.clusterserviceversion.yaml
4140
yq -i '.spec.relatedImages[0].image += env(IMG_DIGEST)' bundle/manifests/function-mesh.clusterserviceversion.yaml
4241

4342
# Add feature annotations (required)

main.go

Lines changed: 16 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@ import (
2727
"github.com/streamnative/function-mesh/pkg/monitoring"
2828
"sigs.k8s.io/controller-runtime/pkg/cache"
2929
"sigs.k8s.io/controller-runtime/pkg/healthz"
30+
"sigs.k8s.io/controller-runtime/pkg/metrics/filters"
3031
"sigs.k8s.io/controller-runtime/pkg/metrics/server"
3132

3233
"github.com/go-logr/logr"
@@ -77,7 +78,8 @@ func main() {
7778
var globalBackendConfig string
7879
var globalBackendConfigNamespace string
7980
var namespacedBackendConfig string
80-
flag.StringVar(&metricsAddr, "metrics-addr", lookupEnvOrString("METRICS_ADDR", ":8080"),
81+
var secureMetrics bool
82+
flag.StringVar(&metricsAddr, "metrics-addr", lookupEnvOrString("METRICS_ADDR", ":8443"),
8183
"The address the metric endpoint binds to.")
8284
flag.StringVar(&leaderElectionID, "leader-election-id",
8385
lookupEnvOrString("LEADER_ELECTION_ID", "a3f45fce.functionmesh.io"),
@@ -108,6 +110,8 @@ func main() {
108110
"The namespace of the global backend config name used for all functions&sinks&sources")
109111
flag.StringVar(&namespacedBackendConfig, "namespaced-backend-config", lookupEnvOrString("NAMESPACED_BACKEND_CONFIG", "backend-config"),
110112
"The backend config name used for functions&sinks&sources in the same namespace")
113+
flag.BoolVar(&secureMetrics, "metrics-secure", true, "If set, the metrics endpoint is served securely via HTTPS."+
114+
" Use --metrics-secure=false to use HTTP instead.")
111115
flag.Parse()
112116

113117
ctrl.SetLogger(zap.New(zap.UseDevMode(true)))
@@ -133,11 +137,18 @@ func main() {
133137
}
134138
}
135139

140+
metricOpts := server.Options{
141+
BindAddress: metricsAddr,
142+
SecureServing: secureMetrics,
143+
}
144+
145+
if secureMetrics {
146+
metricOpts.FilterProvider = filters.WithAuthenticationAndAuthorization
147+
}
148+
136149
options := ctrl.Options{
137-
Scheme: scheme,
138-
Metrics: server.Options{
139-
BindAddress: metricsAddr,
140-
},
150+
Scheme: scheme,
151+
Metrics: metricOpts,
141152
HealthProbeBindAddress: healthProbeAddr,
142153
LeaderElection: enableLeaderElection,
143154
LeaderElectionNamespace: leaderElectionNamespace,

0 commit comments

Comments
 (0)