You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Helm Chart's usage of kube-rbac-proxy container outputs these logs during start-up.
==== Deprecation Warning ======================
Insecure listen address will be removed.
Using --insecure-listen-address won't be possible!The ability to run kube-rbac-proxy without TLS certificates will be removed.Not using --tls-cert-file and --tls-private-key-file won't be possible!
For more information, please go to https://github.com/brancz/kube-rbac-proxy/issues/187
===============================================
We are removing the option to run kube-rbac-proxy without configured TLS certificates.
This means that:
using insecure-listen-addresss won't work any more.
not setting tls-cert-file and tls-private-key-file won't work any more.
Upstream H2C should still work, but we might remove verified claims about an identity that are send to upstream in the future.
Why
We are aware that we create obstacles in running kube-rbac-proxy for testing or debugging purposes.
But we reduce the probability for an insecure set up of kube-rbac-proxy, which is a security relevant component.
Running kube-rbac-proxy without TLS certificates, makes it possible to impersonate kube-rbac-proxy.
The reason that we remove that capability is a pre-acceptance requirement for kube-rbac-proxy, before we can donate the project so sig-auth of k8s.
The text was updated successfully, but these errors were encountered:
Thanks for the heads up, @darren-recentive! I don't think we're using kube-rbac-proxy for very much so we're seeing if we can remove it from the chart.
The Helm Chart's usage of
kube-rbac-proxy
container outputs these logs during start-up.v1.5.0 recommended.yaml
Snippet from the Github Issue brancz/kube-rbac-proxy#187
The text was updated successfully, but these errors were encountered: