From 7f3b4b8e0cf21e8c38f78fb078ff646fa8f881be Mon Sep 17 00:00:00 2001
From: Andrey Smirnov <smirnov.andrey@gmail.com>
Date: Fri, 14 May 2021 13:20:17 +0300
Subject: [PATCH] fix: remove kube-rbac-proxy

This removes `kube-rbac-proxy` as it wasn't used and fully configured.

See #390

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
---
 .../default/manager_auth_proxy_patch.yaml     | 25 -------------------
 .../config/kustomization.yaml                 |  4 +--
 .../config/manager_auth_proxy_patch.yaml      | 21 ----------------
 3 files changed, 2 insertions(+), 48 deletions(-)
 delete mode 100644 app/cluster-api-provider-sidero/config/default/manager_auth_proxy_patch.yaml
 delete mode 100644 app/metal-controller-manager/config/manager_auth_proxy_patch.yaml

diff --git a/app/cluster-api-provider-sidero/config/default/manager_auth_proxy_patch.yaml b/app/cluster-api-provider-sidero/config/default/manager_auth_proxy_patch.yaml
deleted file mode 100644
index 61cb5e7cb..000000000
--- a/app/cluster-api-provider-sidero/config/default/manager_auth_proxy_patch.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
-# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: controller-manager
-  namespace: system
-spec:
-  template:
-    spec:
-      containers:
-      - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
-        args:
-        - "--secure-listen-address=0.0.0.0:8443"
-        - "--upstream=http://127.0.0.1:8080/"
-        - "--logtostderr=true"
-        - "--v=10"
-        ports:
-        - containerPort: 8443
-          name: https
-      - name: manager
-        args:
-        - "--metrics-addr=127.0.0.1:8080"
-        - "--enable-leader-election"
diff --git a/app/metal-controller-manager/config/kustomization.yaml b/app/metal-controller-manager/config/kustomization.yaml
index 523a82a0a..343502d6d 100644
--- a/app/metal-controller-manager/config/kustomization.yaml
+++ b/app/metal-controller-manager/config/kustomization.yaml
@@ -18,7 +18,7 @@ patchesStrategicMerge:
   # Protect the /metrics endpoint by putting it behind auth.
   # Only one of manager_auth_proxy_patch.yaml and
   # manager_prometheus_metrics_patch.yaml should be enabled.
-  - manager_auth_proxy_patch.yaml
+  #- manager_auth_proxy_patch.yaml
     # If you want your controller-manager to expose the /metrics
     # endpoint w/o any authn/z, uncomment the following line and
     # comment manager_auth_proxy_patch.yaml.
@@ -64,4 +64,4 @@ vars:
 #    version: v1
 #    name: webhook-service
 
-namespace: sidero-system
\ No newline at end of file
+namespace: sidero-system
diff --git a/app/metal-controller-manager/config/manager_auth_proxy_patch.yaml b/app/metal-controller-manager/config/manager_auth_proxy_patch.yaml
deleted file mode 100644
index 5864261b7..000000000
--- a/app/metal-controller-manager/config/manager_auth_proxy_patch.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
-# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: controller-manager
-  namespace: system
-spec:
-  template:
-    spec:
-      containers:
-      - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
-        args:
-        - "--secure-listen-address=0.0.0.0:8443"
-        - "--upstream=http://127.0.0.1:8080/"
-        - "--logtostderr=true"
-        - "--v=10"
-        ports:
-        - containerPort: 8443
-          name: https