Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add clusterrolebinding to allow kube-rbac-proxy verify tokens #12042

Merged
merged 2 commits into from
Aug 11, 2022
Merged

Add clusterrolebinding to allow kube-rbac-proxy verify tokens #12042

merged 2 commits into from
Aug 11, 2022

Conversation

ArthurSens
Copy link
Contributor

@ArthurSens ArthurSens commented Aug 10, 2022
edited

Description

In #11782 I've added kube-rbac-proxy to content-service because Prometheus was not able to reach the metrics endpoint of content-service.

After this change got deployed, the error only changed to another one. We're now getting 401 Unathorized errors.

Looks like I forgot to add the role binding that authorizes kube-rbac-proxy to actually verify valid tokens.

Related Issue(s)

Solves alerts like this one.

How to test

You can connect to the preview of this PR, port-forward prometheus and verify that content-service is being scraped successfully at the page /targets

Release Notes

NONE

Werft options:

  • /werft with-preview

@ArthurSens
component/content-service: Add rolebinding for kube-rbac-proxy token …
5a8d636 
…verification

Signed-off-by: ArthurSens <arthursens2005@gmail.com>
@ArthurSens
Add golden files
6f44d81 
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
@ArthurSens ArthurSens requested review from a team August 10, 2022 13:21
@werft-gitpod-dev-com
Copy link

started the job as gitpod-build-as-content-rbac.6 because the annotations in the pull request description changed
(with .werft/ from main)

@github-actions github-actions bot added team: delivery Issue belongs to the self-hosted team team: workspace Issue belongs to the Workspace team labels Aug 10, 2022
jenting
jenting approved these changes Aug 10, 2022
View reviewed changes
Copy link
Contributor

@jenting jenting left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did not test but code LGTM

@roboquat roboquat merged commit f5d79ca into main Aug 11, 2022
@roboquat roboquat deleted the as/content-rbac branch August 11, 2022 14:54
@roboquat roboquat added the deployed: workspace Workspace team change is running in production label Aug 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vulkoingim vulkoingim vulkoingim approved these changes

@jenting jenting jenting approved these changes

Assignees
No one assigned
Labels
deployed: workspace Workspace team change is running in production release-note-none size/L team: delivery Issue belongs to the self-hosted team team: workspace Issue belongs to the Workspace team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ArthurSens @vulkoingim @jenting @roboquat