✨ Scaffold auth proxy #513
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mengqiy The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
mengqiy
force-pushed
the
scaffold_auth
branch
from
66670c0
to
b907a90
Compare
pkg/scaffold/manager/cmd.go
Outdated
| @@ -57,6 +57,8 @@ import ( | |||
| ) | |||
|
|
|||
| func main() { | |||
| var metricsBindAddr string | |||
| flag.StringVar(&metricsBindAddr, "metrics-bind-addr", ":8080", "The address the metric endpoint binds to.") | |||
There was a problem hiding this comment.
nit: can we call the flag metrics-addr ? (internally we can use metricsBindAddr)
|
|
||
| // KustomizeProxyPatch scaffolds the patch file for enabling | ||
| // prometheus metrics for manager Pod. | ||
| type KustomizeProxyPatch struct { |
There was a problem hiding this comment.
Can we call this AuthProxy instead of Proxy ?
pkg/scaffold/project/kustomize.go
Outdated
| # Comment the following 3 lines if you want to disable | ||
| # kube-rbac-proxy (https://github.com/brancz/kube-rbac-proxy) | ||
| # which protects your /metrics endpoint. | ||
| - ../rbac/kube-rbac-proxy-service.yaml |
There was a problem hiding this comment.
Can we name this file auth_proxy_service.yaml to keep it consistent with the roles file (also note the underscore ?
pkg/scaffold/project/kustomize.go
Outdated
| # Protect the /metrics endpoint by putting it behind auth. | ||
| # Only one of manager_kube_rbac_proxy_patch.yaml and | ||
| # manager_prometheus_metrics_patch.yaml should be enabled. | ||
| - manager_kube_rbac_proxy_patch.yaml |
There was a problem hiding this comment.
Can we rename this file to use manager_auth_proxy_patch.yaml ?
pkg/scaffold/project/kustomize.go
Outdated
| # manager_prometheus_metrics_patch.yaml should be enabled. | ||
| - manager_kube_rbac_proxy_patch.yaml | ||
| # If you want your controller-manager to expose the /metrics | ||
| # endpoint w/o any authorization, uncomment the following line and |
mengqiy
force-pushed
the
scaffold_auth
branch
from
d0edba6
to
19150bf
Compare
|
PTAL |
mengqiy
force-pushed
the
scaffold_auth
branch
from
19150bf
to
e0047ce
Compare
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
@droot The last 2 commits are incremental changes since your last review. |
mengqiy
force-pushed
the
scaffold_auth
branch
2 times, most recently
from
4af3bbf
to
9818fef
Compare
| @@ -5,6 +5,7 @@ required = [ | |||
| "github.com/go-openapi/spec", | |||
| "github.com/onsi/ginkgo", # for integration testing | |||
| "github.com/spf13/pflag", | |||
| "github.com/pkg/errors", | |||
There was a problem hiding this comment.
dep will drop it w/o this line even it's a dependency of sigs.k8s.io/controller-tools
|
Looks good to me. Pl. squash the commits and then we are good to do. |
mengqiy
force-pushed
the
scaffold_auth
branch
from
9818fef
to
a227e64
Compare
Done |
droot
added
the
lgtm
The 1st commit update CR and CT to pickup latest changes that is necessary for this PR.