Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[META - Phases]: Discontinue Kube RBAC Proxy in Default Kubebuilder Scaffolding #3871

Open
1 of 5 tasks
camilamacedo86 opened this issue Apr 23, 2024 · 4 comments
Open
1 of 5 tasks

[META - Phases]: Discontinue Kube RBAC Proxy in Default Kubebuilder Scaffolding #3871

camilamacedo86 opened this issue Apr 23, 2024 · 4 comments
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.

Comments

@camilamacedo86
Copy link
Member

camilamacedo86 commented Apr 23, 2024
edited

What do you want to happen?

Address the phases and changes discussed in the proposal: https://github.com/kubernetes-sigs/kubebuilder/blob/master/designs/discontinue_usage_of_kube_rbac_proxy.md

Extra Labels

No response
@camilamacedo86 camilamacedo86 added help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. kind/feature Categorizes issue or PR as related to a new feature. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. priority/backlog Higher priority than priority/awaiting-more-evidence. and removed priority/backlog Higher priority than priority/awaiting-more-evidence. labels Apr 23, 2024
This was referenced Apr 23, 2024
Open
Open
@fgiloux
Copy link
Contributor

fgiloux commented Apr 28, 2024
edited

Hi Camilla. Nice to see progress on this. If I am understanding things right you are considering two different ways of doing RBAC:

You also have two orthogonal subjects:

  • TLS certificates for the metrics endpoint, where you propose to optionally scaffold resources for cert-manager
  • scaffolding an SA, and referencing it in the ServiceMonitors, that can be leveraged by Prometheus for scrapping the metrics

This sounds good to me.

@fgiloux
Copy link
Contributor

fgiloux commented Apr 28, 2024

For phase 3: Maybe you mean issue 2781 as blocker?

@camilamacedo86
Copy link
Member Author

Hi @fgiloux,

For phase 3: Maybe you mean kubernetes-sigs/controller-runtime#2781 as blocker?

Yes, it is a blocker for us since it is not following the good practices and we cannot properly pass the certs via cert-manager within as it is now. However, asap they be able to enhance the feature in controller-runtime we can move forward within.

@fgiloux
Copy link
Contributor

fgiloux commented May 5, 2024

I meant controller-runtime #2781 is now blocking phase 3 instead of #2407, as it is its follow-up and #2407 has been merged.

@camilamacedo86 camilamacedo86 mentioned this issue May 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@camilamacedo86 @fgiloux