From 30fd00a1c80dd8c260f208551050bc75621f8727 Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Wed, 21 May 2025 14:43:48 +0530 Subject: [PATCH 1/2] fix : remove kube-rbac-proxy container from Operator deployment Signed-off-by: Rohan Kumar --- build/scripts/generate_deployment.sh | 8 +-- ...kspace-operator.clusterserviceversion.yaml | 13 ----- go.mod | 22 ++++++++ go.sum | 50 +++++++++++++++++++ internal/images/image.go | 12 ----- main.go | 8 ++- pkg/webhook/deployment.go | 22 ++------ webhook/main.go | 8 ++- 8 files changed, 90 insertions(+), 53 deletions(-) diff --git a/build/scripts/generate_deployment.sh b/build/scripts/generate_deployment.sh index d63632d07..a10b30e72 100755 --- a/build/scripts/generate_deployment.sh +++ b/build/scripts/generate_deployment.sh @@ -31,7 +31,7 @@ set -e # List of environment variables that will be replaced by envsubst -SUBST_VARS='$NAMESPACE $DWO_IMG $RBAC_PROXY_IMAGE $PROJECT_CLONE_IMG $ROUTING_SUFFIX $DEFAULT_ROUTING $PULL_POLICY' +SUBST_VARS='$NAMESPACE $DWO_IMG $PROJECT_CLONE_IMG $ROUTING_SUFFIX $DEFAULT_ROUTING $PULL_POLICY' SCRIPT_DIR=$(cd "$(dirname "$0")"; pwd) DEPLOY_DIR="$SCRIPT_DIR/../../deploy/" 
@@ -177,24 +177,19 @@ fi # Run kustomize to build yamls echo "Generating config for Kubernetes" -export RBAC_PROXY_IMAGE="${KUBE_RBAC_PROXY_IMAGE:-quay.io/brancz/kube-rbac-proxy:v0.13.1}" ${KUSTOMIZE} build "${DEPLOY_DIR}/templates/cert-manager" \ | envsubst "$SUBST_VARS" \ > "${KUBERNETES_DIR}/${COMBINED_FILENAME}" -unset RBAC_PROXY_IMAGE echo "File saved to ${KUBERNETES_DIR}/${COMBINED_FILENAME}" echo "Generating config for OpenShift" -export RBAC_PROXY_IMAGE="${OPENSHIFT_RBAC_PROXY_IMAGE:-quay.io/brancz/kube-rbac-proxy:v0.13.1}" ${KUSTOMIZE} build "${DEPLOY_DIR}/templates/service-ca" \ | envsubst "$SUBST_VARS" \ > "${OPENSHIFT_DIR}/${COMBINED_FILENAME}" -unset RBAC_PROXY_IMAGE echo "File saved to ${OPENSHIFT_DIR}/${COMBINED_FILENAME}" if $GEN_OLM; then echo "Generating base deployment files for OLM" - export RBAC_PROXY_IMAGE="${OPENSHIFT_RBAC_PROXY_IMAGE:-quay.io/brancz/kube-rbac-proxy:v0.13.1}" export NAMESPACE=openshift-operators # Generate .spec.relatedImages for CSV based on deployment TMPCSV="csv.tmp.yaml" @@ -222,7 +217,6 @@ if $GEN_OLM; then | envsubst "$SUBST_VARS" \ | yq -Y 'select(.kind != "ServiceAccount")' \ > "${OLM_DIR}/${COMBINED_FILENAME}" - unset RBAC_PROXY_IMAGE echo "File saved to ${OLM_DIR}/${COMBINED_FILENAME}" fi diff --git a/deploy/bundle/manifests/devworkspace-operator.clusterserviceversion.yaml b/deploy/bundle/manifests/devworkspace-operator.clusterserviceversion.yaml index 657193316..ccd0a5ecf 100644 --- a/deploy/bundle/manifests/devworkspace-operator.clusterserviceversion.yaml +++ b/deploy/bundle/manifests/devworkspace-operator.clusterserviceversion.yaml @@ -355,8 +355,6 @@ spec: value: devworkspace-webhookserver-tls - name: RELATED_IMAGE_devworkspace_webhook_server value: quay.io/devfile/devworkspace-controller:next - - name: RELATED_IMAGE_kube_rbac_proxy - value: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: RELATED_IMAGE_project_clone value: quay.io/devfile/project-clone:next - name: WATCH_NAMESPACE 
@@ -425,17 +423,6 @@ spec: requests: cpu: 250m memory: 100Mi - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: metrics - resources: {} serviceAccountName: devworkspace-controller-serviceaccount terminationGracePeriodSeconds: 10 permissions: diff --git a/go.mod b/go.mod index 3dfefc661..f45bd8a52 100644 --- a/go.mod +++ b/go.mod @@ -32,7 +32,10 @@ require ( dario.cat/mergo v1.0.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/ProtonMail/go-crypto v1.1.3 // indirect + github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/blang/semver/v4 v4.0.0 // indirect + github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cloudflare/circl v1.6.1 // indirect github.com/cyphar/filepath-securejoin v0.2.5 // indirect @@ -41,9 +44,11 @@ require ( github.com/emirpasic/gods v1.18.1 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.6.0 // indirect + github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect 
@@ -52,8 +57,10 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect + github.com/google/cel-go v0.17.8 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/imdario/mergo v0.3.13 // indirect @@ -75,7 +82,16 @@ require ( github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/skeema/knownhosts v1.3.0 // indirect github.com/spf13/pflag v1.0.5 // indirect + github.com/stoewer/go-strcase v1.2.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 // indirect + go.opentelemetry.io/otel v1.19.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 // indirect + go.opentelemetry.io/otel/metric v1.19.0 // indirect + go.opentelemetry.io/otel/sdk v1.19.0 // indirect + go.opentelemetry.io/otel/trace v1.19.0 // indirect + go.opentelemetry.io/proto/otlp v1.0.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect 
@@ -89,13 +105,19 @@ require ( golang.org/x/tools v0.23.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect + google.golang.org/grpc v1.58.3 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/apiserver v0.30.1 // indirect + k8s.io/component-base v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index 682e9b0fc..1073e74c5 100644 --- a/go.sum +++ b/go.sum 
@@ -13,10 +13,16 @@ github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdko github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= +github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= 
@@ -45,6 +51,8 @@ github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCv github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= @@ -60,8 +68,11 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod github.com/go-git/go-git/v5 v5.13.0 h1:vLn5wlGIh/X78El6r3Jr+30W16Blk0CTcxTYcYPWi5E= github.com/go-git/go-git/v5 v5.13.0/go.mod h1:Wjo7/JyVKtQgUNdXYXIepzWfJQkUEIGvkvVkiXRR/zw= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= 
@@ -86,6 +97,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZ github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= +github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -95,6 +108,8 @@ github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto= +github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 
@@ -111,6 +126,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= @@ -208,6 +225,8 @@ github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= +github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 
@@ -216,6 +235,7 @@ github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRci github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= 
@@ -225,6 +245,22 @@ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 h1:KfYpVmrjI7JuToy5k8XV3nkapjWx48k4E4JOtVstzQI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0/go.mod h1:SeQhzAEccGVZVEy7aH87Nh0km+utSpo1pTv6eMMop48= +go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= +go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 h1:3d+S281UTjM+AbF31XSOYn1qXn3BgIdWl8HNEpx08Jk= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0/go.mod h1:0+KuTDyKL4gjKCF75pHOX4wuzYDUZYfAQdSu43o+Z2I= +go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= +go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= +go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= +go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= +go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= +go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= +go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= +go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.uber.org/goleak 
v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= @@ -325,6 +361,14 @@ gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6d gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g= +google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8= +google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e h1:z3vDksarJxsAKM5dmEGv0GHwE2hKJ096wZra71Vs4sw= +google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ= +google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -357,9 +401,13 @@ k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1J k8s.io/apimachinery v0.17.1/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= +k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= k8s.io/code-generator v0.17.1/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= 
@@ -376,6 +424,8 @@ modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= sigs.k8s.io/controller-runtime v0.18.7 h1:WDnx8LTRY8Fn1j/7B+S/R9MeDjWNAzpDBoaSvMSrQME= sigs.k8s.io/controller-runtime v0.18.7/go.mod h1:L9r3fUZhID7Q9eK9mseNskpaTg2n11f/tlb8odyzJ4Y= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/internal/images/image.go b/internal/images/image.go index e7b410ba4..11bd46202 100644 --- a/internal/images/image.go +++ b/internal/images/image.go @@ -34,7 +34,6 @@ var log = logf.Log.WithName("container-images") const ( webhookServerImageEnvVar = "RELATED_IMAGE_devworkspace_webhook_server" - kubeRBACProxyImageEnvVar = "RELATED_IMAGE_kube_rbac_proxy" pvcCleanupJobImageEnvVar = "RELATED_IMAGE_pvc_cleanup_job" asyncStorageServerImageEnvVar = "RELATED_IMAGE_async_storage_server" asyncStorageSidecarImageEnvVar = "RELATED_IMAGE_async_storage_sidecar" 
@@ -52,17 +51,6 @@ func GetWebhookServerImage() string { return val } -// GetKubeRBACProxyImage returns the image reference for the kube RBAC proxy. Returns -// the empty string if environment variable RELATED_IMAGE_kube_rbac_proxy is not defined -func GetKubeRBACProxyImage() string { - val, ok := os.LookupEnv(kubeRBACProxyImageEnvVar) - if !ok { - log.Error(fmt.Errorf("environment variable %s is not set", kubeRBACProxyImageEnvVar), "Could not get webhook server image") - return "" - } - return val -} - // GetPVCCleanupJobImage returns the image reference for the PVC cleanup job used to clean workspace // files from the common PVC in a namespace. func GetPVCCleanupJobImage() string { diff --git a/main.go b/main.go index 5767dbc96..6f355a4d2 100644 --- a/main.go +++ b/main.go @@ -22,6 +22,8 @@ import ( "os" "runtime" + "sigs.k8s.io/controller-runtime/pkg/metrics/filters" + "github.com/devfile/devworkspace-operator/controllers/controller/devworkspacerouting" "github.com/devfile/devworkspace-operator/controllers/controller/devworkspacerouting/solvers" "github.com/devfile/devworkspace-operator/pkg/cache" @@ -94,7 +96,7 @@ func init() { func main() { var metricsAddr string var enableLeaderElection bool - flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-addr", ":8443", "The address the metric endpoint binds to.") flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") @@ -122,7 +124,9 @@ func main() { mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, Metrics: metricsserver.Options{ - BindAddress: metricsAddr, + BindAddress: metricsAddr, + FilterProvider: filters.WithAuthenticationAndAuthorization, + SecureServing: true, }, WebhookServer: ctrl_webhook.NewServer(ctrl_webhook.Options{ Port: 9443, 
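Review bot: In main.go the `metricsserver.Options` literal inside `main()` sets `SecureServing: true` without `CertDir`, `CertName`/`KeyName` or `TLSOpts`. Unless a key pair happens to exist in controller-runtime's default metrics cert directory, the endpoint falls back to a self-signed certificate generated at startup, and scrapers can then connect only by skipping TLS verification. The same applies to the identical change in webhook/main.go. If that is intended, record it next to the field, e.g. `// no CertDir: metrics use a generated self-signed cert; scrapers must skip verification`; otherwise point `CertDir` at a mounted serving certificate. `filters.WithAuthenticationAndAuthorization` also makes the manager process itself issue TokenReview and SubjectAccessReview calls, and neither diffstat lists a role file, so confirm that both service accounts still hold `create` on `tokenreviews` and `subjectaccessreviews` (presumably granted for the removed sidecar). `main()` continues outside the hunk.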
diff --git a/pkg/webhook/deployment.go b/pkg/webhook/deployment.go index 8e26aae85..2bc037043 100755 --- a/pkg/webhook/deployment.go +++ b/pkg/webhook/deployment.go @@ -113,27 +113,11 @@ func getSpecDeployment(webhooksSecretName, namespace string) (*appsv1.Deployment NodeSelector: globalConfig.Webhook.NodeSelector, Tolerations: globalConfig.Webhook.Tolerations, Containers: []corev1.Container{ - { - Name: "kube-rbac-proxy", - Image: images.GetKubeRBACProxyImage(), - Args: []string{ - "--secure-listen-address=0.0.0.0:9443", - "--upstream=http://127.0.0.1:8080/", - "--logtostderr=true", - "--v=10", - }, - Ports: []corev1.ContainerPort{ - { - Name: server.WebhookMetricsPortName, - ContainerPort: 9443, - }, - }, - }, { Name: "webhook-server", Image: images.GetWebhookServerImage(), Command: []string{"/usr/local/bin/entrypoint"}, - Args: []string{"/usr/local/bin/webhook-server", "--metrics-addr=127.0.0.1:8080"}, + Args: []string{"/usr/local/bin/webhook-server", "--metrics-addr=0.0.0.0:9443"}, ImagePullPolicy: corev1.PullAlways, LivenessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ @@ -181,6 +165,10 @@ func getSpecDeployment(webhooksSecretName, namespace string) (*appsv1.Deployment ContainerPort: 6789, Protocol: corev1.ProtocolTCP, }, + { + Name: server.WebhookMetricsPortName, + ContainerPort: 9443, + }, }, Env: []corev1.EnvVar{ { diff --git a/webhook/main.go b/webhook/main.go index 02fbad1fe..6dd976f54 100644 --- a/webhook/main.go +++ b/webhook/main.go @@ -24,6 +24,8 @@ import ( "runtime" "syscall" + "sigs.k8s.io/controller-runtime/pkg/metrics/filters" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" "sigs.k8s.io/controller-runtime/pkg/webhook" 
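Review bot: In pkg/webhook/deployment.go, `getSpecDeployment` now has the webhook-server container bind metrics on `0.0.0.0:9443` instead of `127.0.0.1:8080` behind the proxy, and nothing in this file says why that is safe. The listener is protected only because webhook/main.go hard-codes `SecureServing: true` and the authn/authz filter, so I would add a comment above the `Args` line such as `// metrics are served over TLS with authn/authz by controller-runtime (see webhook/main.go); never bind this port without SecureServing`. The port also appears twice here as a literal (`--metrics-addr=0.0.0.0:9443` and `ContainerPort: 9443`) and again as the flag default in webhook/main.go; one shared constant would keep the three from drifting apart. The new port entry omits `Protocol: corev1.ProtocolTCP`, which the preceding 6789 entry sets. The function body starts and ends outside these hunks.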
@@ -70,7 +72,7 @@ func main() { logf.SetLogger(zap.New(zap.UseDevMode(config.GetDevModeEnabled()))) var metricsAddr string - flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-addr", ":9443", "The address the metric endpoint binds to.") flag.Parse() // Print versions @@ -109,7 +111,9 @@ func main() { mgr, err := ctrl.NewManager(cfg, ctrl.Options{ Scheme: scheme, Metrics: metricsserver.Options{ - BindAddress: metricsAddr, + BindAddress: metricsAddr, + FilterProvider: filters.WithAuthenticationAndAuthorization, + SecureServing: true, }, WebhookServer: webhookServer, HealthProbeBindAddress: ":6789", From 1ae0ec2615aaf41692e9e06b4766cccd1de48c54 Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Wed, 21 May 2025 15:12:11 +0530 Subject: [PATCH 2/2] remove kube-rbac-proxy container from manifests Signed-off-by: Rohan Kumar --- ...workspace-operator.clusterserviceversion.yaml | 6 +++--- deploy/deployment/kubernetes/combined.yaml | 16 +++------------- ...vworkspace-controller-manager.Deployment.yaml | 16 +++------------- deploy/deployment/openshift/combined.yaml | 16 +++------------- ...vworkspace-controller-manager.Deployment.yaml | 16 +++------------- deploy/templates/base/manager_image_patch.yaml | 6 +----- .../components/csv/clusterserviceversion.yaml | 2 -- deploy/templates/components/manager/manager.yaml | 16 +++------------- 8 files changed, 19 insertions(+), 75 deletions(-) diff --git a/deploy/bundle/manifests/devworkspace-operator.clusterserviceversion.yaml b/deploy/bundle/manifests/devworkspace-operator.clusterserviceversion.yaml index ccd0a5ecf..08101a117 100644 --- a/deploy/bundle/manifests/devworkspace-operator.clusterserviceversion.yaml +++ b/deploy/bundle/manifests/devworkspace-operator.clusterserviceversion.yaml 
@@ -349,7 +349,7 @@ spec: - args: - /usr/local/bin/devworkspace-controller - --enable-leader-election - - --metrics-addr=127.0.0.1:8080 + - --metrics-addr=0.0.0.0:8443 env: - name: WEBHOOK_SECRET_NAME value: devworkspace-webhookserver-tls @@ -406,6 +406,8 @@ spec: protocol: TCP - containerPort: 6789 name: liveness-port + - containerPort: 8443 + name: metrics readinessProbe: failureThreshold: 3 httpGet: @@ -484,8 +486,6 @@ spec: relatedImages: - image: quay.io/devfile/devworkspace-controller:next name: devworkspace_webhook_server - - image: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: kube_rbac_proxy - image: quay.io/devfile/project-clone:next name: project_clone - image: registry.access.redhat.com/ubi9/ubi-micro:9.5-1733126338 diff --git a/deploy/deployment/kubernetes/combined.yaml b/deploy/deployment/kubernetes/combined.yaml index 48c9d1dd5..007fa31bd 100644 --- a/deploy/deployment/kubernetes/combined.yaml +++ b/deploy/deployment/kubernetes/combined.yaml @@ -25919,14 +25919,12 @@ spec: - args: - /usr/local/bin/devworkspace-controller - --enable-leader-election - - --metrics-addr=127.0.0.1:8080 + - --metrics-addr=0.0.0.0:8443 env: - name: WEBHOOK_SECRET_NAME value: devworkspace-operator-webhook-cert - name: RELATED_IMAGE_devworkspace_webhook_server value: quay.io/devfile/devworkspace-controller:next - - name: RELATED_IMAGE_kube_rbac_proxy - value: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: RELATED_IMAGE_project_clone value: quay.io/devfile/project-clone:next - name: WATCH_NAMESPACE @@ -25976,6 +25974,8 @@ spec: protocol: TCP - containerPort: 6789 name: liveness-port + - containerPort: 8443 + name: metrics readinessProbe: failureThreshold: 3 httpGet: 
@@ -25997,16 +25997,6 @@ spec: - mountPath: /tmp/k8s-webhook-server/serving-certs name: webhook-tls-certs readOnly: true - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: metrics serviceAccountName: devworkspace-controller-serviceaccount terminationGracePeriodSeconds: 10 volumes: diff --git a/deploy/deployment/kubernetes/objects/devworkspace-controller-manager.Deployment.yaml b/deploy/deployment/kubernetes/objects/devworkspace-controller-manager.Deployment.yaml index b71c6fca7..828b98ec8 100644 --- a/deploy/deployment/kubernetes/objects/devworkspace-controller-manager.Deployment.yaml +++ b/deploy/deployment/kubernetes/objects/devworkspace-controller-manager.Deployment.yaml @@ -22,14 +22,12 @@ spec: - args: - /usr/local/bin/devworkspace-controller - --enable-leader-election - - --metrics-addr=127.0.0.1:8080 + - --metrics-addr=0.0.0.0:8443 env: - name: WEBHOOK_SECRET_NAME value: devworkspace-operator-webhook-cert - name: RELATED_IMAGE_devworkspace_webhook_server value: quay.io/devfile/devworkspace-controller:next - - name: RELATED_IMAGE_kube_rbac_proxy - value: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: RELATED_IMAGE_project_clone value: quay.io/devfile/project-clone:next - name: WATCH_NAMESPACE @@ -79,6 +77,8 @@ spec: protocol: TCP - containerPort: 6789 name: liveness-port + - containerPort: 8443 + name: metrics readinessProbe: failureThreshold: 3 httpGet: 
@@ -100,16 +100,6 @@ spec: - mountPath: /tmp/k8s-webhook-server/serving-certs name: webhook-tls-certs readOnly: true - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: metrics serviceAccountName: devworkspace-controller-serviceaccount terminationGracePeriodSeconds: 10 volumes: diff --git a/deploy/deployment/openshift/combined.yaml b/deploy/deployment/openshift/combined.yaml index cf0f1714b..26c4d1373 100644 --- a/deploy/deployment/openshift/combined.yaml +++ b/deploy/deployment/openshift/combined.yaml @@ -25921,14 +25921,12 @@ spec: - args: - /usr/local/bin/devworkspace-controller - --enable-leader-election - - --metrics-addr=127.0.0.1:8080 + - --metrics-addr=0.0.0.0:8443 env: - name: WEBHOOK_SECRET_NAME value: devworkspace-webhookserver-tls - name: RELATED_IMAGE_devworkspace_webhook_server value: quay.io/devfile/devworkspace-controller:next - - name: RELATED_IMAGE_kube_rbac_proxy - value: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: RELATED_IMAGE_project_clone value: quay.io/devfile/project-clone:next - name: WATCH_NAMESPACE @@ -25978,6 +25976,8 @@ spec: protocol: TCP - containerPort: 6789 name: liveness-port + - containerPort: 8443 + name: metrics readinessProbe: failureThreshold: 3 httpGet: @@ -25999,16 +25999,6 @@ spec: - mountPath: /tmp/k8s-webhook-server/serving-certs name: webhook-tls-certs readOnly: true - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: metrics serviceAccountName: devworkspace-controller-serviceaccount terminationGracePeriodSeconds: 10 volumes: 
diff --git a/deploy/deployment/openshift/objects/devworkspace-controller-manager.Deployment.yaml b/deploy/deployment/openshift/objects/devworkspace-controller-manager.Deployment.yaml index 9ded74de8..be4c8b959 100644 --- a/deploy/deployment/openshift/objects/devworkspace-controller-manager.Deployment.yaml +++ b/deploy/deployment/openshift/objects/devworkspace-controller-manager.Deployment.yaml @@ -22,14 +22,12 @@ spec: - args: - /usr/local/bin/devworkspace-controller - --enable-leader-election - - --metrics-addr=127.0.0.1:8080 + - --metrics-addr=0.0.0.0:8443 env: - name: WEBHOOK_SECRET_NAME value: devworkspace-webhookserver-tls - name: RELATED_IMAGE_devworkspace_webhook_server value: quay.io/devfile/devworkspace-controller:next - - name: RELATED_IMAGE_kube_rbac_proxy - value: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: RELATED_IMAGE_project_clone value: quay.io/devfile/project-clone:next - name: WATCH_NAMESPACE @@ -79,6 +77,8 @@ spec: protocol: TCP - containerPort: 6789 name: liveness-port + - containerPort: 8443 + name: metrics readinessProbe: failureThreshold: 3 httpGet: @@ -100,16 +100,6 @@ spec: - mountPath: /tmp/k8s-webhook-server/serving-certs name: webhook-tls-certs readOnly: true - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: metrics serviceAccountName: devworkspace-controller-serviceaccount terminationGracePeriodSeconds: 10 volumes: diff --git a/deploy/templates/base/manager_image_patch.yaml b/deploy/templates/base/manager_image_patch.yaml index d536f31fb..4fddefc60 100644 --- a/deploy/templates/base/manager_image_patch.yaml +++ b/deploy/templates/base/manager_image_patch.yaml 
@@ -14,9 +14,5 @@ spec: env: - name: RELATED_IMAGE_devworkspace_webhook_server value: ${DWO_IMG} - - name: RELATED_IMAGE_kube_rbac_proxy - value: ${RBAC_PROXY_IMAGE} - name: RELATED_IMAGE_project_clone - value: ${PROJECT_CLONE_IMG} - - name: kube-rbac-proxy - image: ${RBAC_PROXY_IMAGE} + value: ${PROJECT_CLONE_IMG} \ No newline at end of file diff --git a/deploy/templates/components/csv/clusterserviceversion.yaml b/deploy/templates/components/csv/clusterserviceversion.yaml index 27af4cafa..decff7daf 100644 --- a/deploy/templates/components/csv/clusterserviceversion.yaml +++ b/deploy/templates/components/csv/clusterserviceversion.yaml @@ -99,8 +99,6 @@ spec: relatedImages: - image: quay.io/devfile/devworkspace-controller:next name: devworkspace_webhook_server - - image: quay.io/brancz/kube-rbac-proxy:v0.13.1 - name: kube_rbac_proxy - image: quay.io/devfile/project-clone:next name: project_clone - image: registry.access.redhat.com/ubi9/ubi-micro:9.5-1733126338 diff --git a/deploy/templates/components/manager/manager.yaml b/deploy/templates/components/manager/manager.yaml index 499d06e15..72180dd38 100644 --- a/deploy/templates/components/manager/manager.yaml +++ b/deploy/templates/components/manager/manager.yaml @@ -10,16 +10,6 @@ spec: terminationGracePeriodSeconds: 10 serviceAccountName: $(CONTROLLER_SERVICE_ACCOUNT) containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - name: metrics - containerPort: 8443 - name: devworkspace-controller image: quay.io/devfile/devworkspace-controller:next ports: @@ -28,6 +18,8 @@ spec: - name: conversion protocol: TCP containerPort: 9443 + - containerPort: 8443 + name: metrics livenessProbe: failureThreshold: 5 httpGet: 
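Review bot: The rewritten last line of `deploy/templates/base/manager_image_patch.yaml` loses the file's trailing newline, as the `\ No newline at end of file` marker on the new side shows. Kustomize should still parse the patch, but tools that concatenate files and later diffs of this file become noisier. End the file with a newline after `value: ${PROJECT_CLONE_IMG}`.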
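Review bot: With the `kube-rbac-proxy` container removed from `deploy/templates/components/manager/manager.yaml` and the manager started with `--metrics-addr=0.0.0.0:8443` (the args hunk further down this file, mirrored in the generated Kubernetes, OpenShift and CSV manifests), nothing in these manifests shows what now terminates TLS and authorizes scrapes on the `metrics` port. The proxy previously listened on 8443 in front of a loopback-only upstream, so the manager process has to take that role over. The `main.go` change is not visible from these hunks, so please confirm it sets controller-runtime's `SecureServing: true` together with `FilterProvider: filters.WithAuthenticationAndAuthorization` rather than serving plain HTTP on all interfaces. If it does, the controller service account presumably still needs `create` on `tokenreviews` and `subjectaccessreviews`, and the scraper must keep sending a bearer token over HTTPS. A comment above the new port would help the next reader, e.g. `# served by the manager itself; TLS and authn/authz are enforced in-process`.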
@@ -51,7 +43,7 @@ spec: args: - /usr/local/bin/devworkspace-controller - --enable-leader-election - - "--metrics-addr=127.0.0.1:8080" + - "--metrics-addr=0.0.0.0:8443" resources: limits: cpu: 3000m @@ -92,5 +84,3 @@ spec: value: "quay.io/eclipse/che-sidecar-workspace-data-sync:0.0.1" - name: RELATED_IMAGE_project_clone value: "quay.io/devfile/project-clone:next" - - name: RELATED_IMAGE_kube_rbac_proxy - value: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1