Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove kube-rbac-proxy #722

Merged
merged 1 commit into from
Dec 9, 2024
Merged

Remove kube-rbac-proxy #722

merged 1 commit into from
Dec 9, 2024

Conversation

kannon92
Copy link
Contributor

@kannon92 kannon92 commented Dec 4, 2024

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #721

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. labels Dec 4, 2024
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 4, 2024
@netlify Netlify
Copy link

netlify bot commented Dec 4, 2024
edited
Loading

Deploy Preview for kubernetes-sigs-jobset canceled.

Name Link
🔨 Latest commit fcc1ca3
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-jobset/deploys/675707e8c61d140008b81ca7

@kannon92 kannon92 force-pushed the remove-kube-rbac-proxy branch from 047521a to 52219cd Compare December 6, 2024 16:19
@kannon92 kannon92 changed the title wip: remove kube-rbac-proxy Remove kube-rbac-proxy Dec 6, 2024
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 6, 2024
@kannon92
Copy link
Contributor Author

kannon92 commented Dec 6, 2024

I was able to confirm this works via:

apiVersion: v1
kind: Pod
metadata:
  name: metrics-consumer
  namespace: jobset-system
spec:
  # Use the scaffolded service account name to allow authn/authz
  serviceAccountName: jobset-controller-manager
  containers:
  - name: metrics-consumer
    image: curlimages/curl:7.78.0
    command: ["/bin/sh"]
    args:
      - "-c"
      - >
        while true;
        do
          # Note here that we are passing the token obtained from the ServiceAccount to curl the metrics endpoint
          curl -s -k -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://jobset-controller-manager-metrics-service.jobset-system.svc.cluster.local:8443/metrics;
          sleep 60;
        done

When I run this pod, I am able to see that the metrics server is correctly secured.

@mbobrovskyi mbobrovskyi mentioned this pull request Dec 6, 2024
Merged
@kannon92 kannon92 mentioned this pull request Dec 6, 2024
Open
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Dec 9, 2024
@kannon92 kannon92 force-pushed the remove-kube-rbac-proxy branch from 52219cd to fcc1ca3 Compare December 9, 2024 15:08
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Dec 9, 2024
@ahg-g
Copy link
Contributor

ahg-g commented Dec 9, 2024

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 9, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahg-g, kannon92

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 9, 2024
@k8s-ci-robot k8s-ci-robot merged commit a2249cd into kubernetes-sigs:main Dec 9, 2024
12 checks passed
@ahg-g
Copy link
Contributor

ahg-g commented Dec 17, 2024

@camilamacedo86 thanks a lot for reviewing kubernetes-sigs/lws#284; do you mind taking a look at this PR? It is already merged, but we can open a followup if there is something here that needs tweaking.

@kannon92 kannon92 mentioned this pull request Dec 18, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahg-g ahg-g Awaiting requested review from ahg-g

@danielvegamyhre danielvegamyhre Awaiting requested review from danielvegamyhre

Assignees

@ahg-g ahg-g

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Action Required: Replace Deprecated gcr.io/kubebuilder/kube-rbac-proxy
3 participants
@kannon92 @ahg-g @k8s-ci-robot