[WIP] Remove kube-rbac-proxy #79
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: elfosardo The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
Replace kube-rbac-proxy with controller-runtime built-in WithAuthenticationAndAuthorization filter.
elfosardo
force-pushed
the
remove-kube-rbac-proxy-release
branch
from
ed62ee6 to
269a158
Compare
|
@elfosardo: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| // Create a new HTTP client with the custom transport | ||
| client := &http.Client{Transport: tr} | ||
| // Create a standard HTTP client (no TLS needed for HTTP) | ||
| client := &http.Client{} |
There was a problem hiding this comment.
What was the requirement to change the protocol here to http?
There was a problem hiding this comment.
I should've probably put a WIP here!
this is just for the sake of e2e tests, since the api are actually exposed with no TLS
the problem is actually more complex
before the change we used port 8443 on the proxy to expose both metrics (port 8080) and api (port 8087) redirecting based on the url, and provide TLS termination
I wonder if we should implement TLS for api endpoint first
openshift-ci
bot
added
the
do-not-merge/work-in-progress
2 participants
Replace kube-rbac-proxy with controller-runtime built-in WithAuthenticationAndAuthorization filter.