Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-1999

rbac-proxy being removed - need to switch

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • netobserv-1.8
    • netobserv-1.7
    • Operator
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • NetObserv - Sprint 264, NetObserv - Sprint 265
    • None
    • None
    • Hide
      Previously, the operator came with a "kube-rbac-proxy" container to manage RBAC for its metrics server. This external component being deprecated, it was necessary to remove it. It is now replaced with direct TLS and RBAC management via Kubernetes controller-runtime, without the need for a side-car proxy.
      Show
      Previously, the operator came with a "kube-rbac-proxy" container to manage RBAC for its metrics server. This external component being deprecated, it was necessary to remove it. It is now replaced with direct TLS and RBAC management via Kubernetes controller-runtime, without the need for a side-car proxy.

      cf upstream ticket https://github.com/netobserv/network-observability-operator/issues/915

      Recommended approach is to use a new function API WithAuthenticationAndAuthorization

      Since we already support TLS for metrics, we also need to implement that in the operator. There's a  FAQ (https://github.com/kubernetes-sigs/kubebuilder/discussions/3907#discussion-6670554 ) to help transitioning - and a PR will soon provide some helpers for using with certificates: https://github.com/kubernetes-sigs/kubebuilder/pull/4400

              jtakvori Joel Takvorian
              jtakvori Joel Takvorian
              None
              None
              None
              Mehul Modi Mehul Modi
              None
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: