
KO-366: Replace kube-rbac-proxy functionality with controller-runtime authz/authn filters #341

Merged: sud82 merged 8 commits into master from KO-366 on Feb 5, 2025

@abhishekdwivedi3060 abhishekdwivedi3060 commented Jan 31, 2025

  • Removed kube-rbac-proxy usage across the project and replaced it with controller-runtime authz/authn filters
  • Bumped operator-sdk to 1.39.1
  • Removed support for the deprecated ControllerManagerConfiguration struct and moved to a flag-based approach
  • Moved the webhook interface implementation from the old deprecated interfaces to the new CustomDefaulter and CustomValidator interfaces
  • Added scaffold for newly added NetworkPolicy
  • Added scaffold for metric service with TLS integration with cert-manager

References:

  1. Kubebuilder Cert-manager integration for metrics endpoint: ✨ (go/v4): feat/fix: enhance cert-manager integration for metrics endpoints (follow-up to PR #4243) kubernetes-sigs/kubebuilder#4400
  2. Kubebuilder releases: https://github.com/kubernetes-sigs/kubebuilder/releases
  3. Kubebuilder sample project: https://github.com/kubernetes-sigs/kubebuilder/tree/v4.4.0/testdata/project-v4
  4. Kube-rbac-proxy discontinue design doc: https://github.com/kubernetes-sigs/kubebuilder/blob/master/designs/discontinue_usage_of_kube_rbac_proxy.md
  5. Kubebuilder doc for kube-rbac-proxy migration: https://book.kubebuilder.io/reference/metrics#optional-by-using-network-policy-disabled-by-default

Work deferred for next release:

  1. Move webhook code to internal pkg

TODO:

  1. Test upgrade
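
For readers new to the migration in the first bullet, here is a standard-library model of the decision flow an in-process authn/authz filter applies to the metrics endpoint once the kube-rbac-proxy sidecar is gone. It is an added example, not code from this PR or from controller-runtime; `Authenticator`, `Authorizer`, `WithAuthnAuthz`, `Probe` and the tokens are hypothetical or constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical stand-ins for the TokenReview (authn) and SubjectAccessReview (authz) calls.
type Authenticator func(token string) (user string, ok bool)
type Authorizer func(user, verb, path string) bool

// WithAuthnAuthz guards next: 401 for a missing or unknown bearer token,
// 403 when the user may not perform verb on path, otherwise pass through.
func WithAuthnAuthz(authn Authenticator, authz Authorizer, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		hdr, user, ok := r.Header.Get("Authorization"), "", false
		if strings.HasPrefix(hdr, "Bearer ") {
			user, ok = authn(strings.TrimPrefix(hdr, "Bearer "))
		}
		if !ok {
			http.Error(w, "Authentication failed", http.StatusUnauthorized)
			return
		}
		if !authz(user, strings.ToLower(r.Method), r.URL.Path) {
			http.Error(w, "Authorization denied", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one request through the filter using constructed fakes.
func Probe(authHeader, method, path string) int {
	authn := func(t string) (string, bool) { // constructed token table
		u, ok := map[string]string{"tok-prom": "prometheus", "tok-dev": "dev"}[t]
		return u, ok
	}
	// Models a rule granting only "get" on the non-resource URL /metrics.
	authz := func(u, verb, p string) bool { return u == "prometheus" && verb == "get" && p == "/metrics" }
	metrics := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "up 1") })
	req, rec := httptest.NewRequest(method, path, nil), httptest.NewRecorder()
	req.Header.Set("Authorization", authHeader)
	WithAuthnAuthz(authn, authz, metrics).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(Probe("", "GET", "/metrics"), Probe("Bearer tok-prom", "GET", "/metrics")) }
```

When testing the upgrade, the same three outcomes are worth checking against the real endpoint: no token, a valid token without the metrics-reader grant, and a token with it.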

@abhishekdwivedi3060 abhishekdwivedi3060 changed the title KO-366: Replace kube-rbac-proxy functionality with controller-runtime authz/authn filters WIP: KO-366: Replace kube-rbac-proxy functionality with controller-runtime authz/authn filters Jan 31, 2025
@abhishekdwivedi3060 abhishekdwivedi3060 changed the title WIP: KO-366: Replace kube-rbac-proxy functionality with controller-runtime authz/authn filters KO-366: Replace kube-rbac-proxy functionality with controller-runtime authz/authn filters Jan 31, 2025
@sud82 sud82 merged commit 055f63f into master Feb 5, 2025
@sud82 sud82 deleted the KO-366 branch February 5, 2025 17:10