Using kubebuilder's built-in mechanism to secure /metrics instead of using kube-rbac-proxy in helm-operator #6844

Open
dchirikov opened this issue Oct 15, 2024 · 2 comments · May be fixed by #6848
Labels
area/dependency Issues or PRs related to dependency changes

Comments

@dchirikov

Feature Request

Describe the problem you need a feature to resolve.

Hi Team. In the helm-operator code, the /metrics endpoint is exposed and uses the 3rd-party component kube-rbac-proxy to secure access to it. The image being used is currently hosted on gcr.io. There is a plan to retire Container Registry on GCP, so the image will not be available from March 18, 2025.

Describe the solution you'd like.

The proposed solution is to migrate to the built-in authn/authz mechanism added to kubebuilder, WithAuthenticationAndAuthorization. More details are described on kubebuilder's page:
https://book.kubebuilder.io/reference/metrics

/language helm

@openshift-ci openshift-ci bot added the language/helm Issue is related to a Helm operator project label Oct 15, 2024
@acornett21 acornett21 removed the language/helm Issue is related to a Helm operator project label Oct 15, 2024
@acornett21
Contributor

Hi @dchirikov. With the below issue, we'll move to kubebuilder 4.1.1 and away from scaffolding the kube-rbac-proxy. There is nothing stopping you from moving your project to the latest controller runtime to pick up these changes if you need them before operator-sdk's work is finished.

@acornett21 acornett21 added the area/dependency Issues or PRs related to dependency changes label Oct 15, 2024
@dchirikov
Author

Hi @acornett21. Thanks for pointing this out. I was digging into the helm-operator code and did not realize I should be looking at the operator-sdk/internal/helm/flags/flag.go file to find the CLI args for helm-operator run.
So I guess I need to run with --metrics-addr=0.0.0.0:8443 --metrics-secure to mimic kube-rbac-proxy.
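
An added example, not part of the original thread or the operator-sdk project's own manifests: controller-runtime's WithAuthenticationAndAuthorization filter validates each scraper's bearer token with a TokenReview and authorizes the request with a SubjectAccessReview, so the operator's service account and the scraper each need the RBAC below once kube-rbac-proxy is removed. All object names, namespaces and service-account names are assumptions.

```yaml
# Assumed names: operator SA "controller-manager" in "operator-system",
# scraper SA "prometheus-k8s" in "monitoring". Adjust to your deployment.
# Lets the operator create TokenReviews and SubjectAccessReviews for callers.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metrics-auth-role
rules:
- apiGroups: ["authentication.k8s.io"]
  resources: ["tokenreviews"]
  verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
  resources: ["subjectaccessreviews"]
  verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-auth-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: metrics-auth-role
subjects:
- kind: ServiceAccount
  name: controller-manager
  namespace: operator-system
---
# Grants the scraper GET on the non-resource URL /metrics; nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metrics-reader
rules:
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-reader-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: metrics-reader
subjects:
- kind: ServiceAccount
  name: prometheus-k8s
  namespace: monitoring
```

Without the first binding the operator cannot evaluate callers and scrapes fail; without the second, an authenticated scraper is still denied.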
