Removed support for kube-rbac-proxy in Kubebuilder v4 #399

pmalek · 2024-07-05T09:21:19Z

Kubebuilder v4 removes support for that image. Images from gcr.io/kubebuilder/kube-rbac-proxy repo will be available until March 18, 2025.

In order to keep support for metrics endpoint protection we can

migrate to using https://quay.io/repository/brancz/kube-rbac-proxy which is not supported or endorsed by kubebuilder
drop protection from metrics endpoint
look into other solutions like introduced in kubebuilder 4.1.0

Re-introduces authn/authz protection for the metrics endpoint using WithAuthenticationAndAuthorization provided by controller-runtime. (✨ Add protection to metrics endpoint using authn/authz via controller-runtime feature kubernetes-sigs/kubebuilder#4003)

KGO's repo doesn't use or include kube-rbac-proxy
Helm chart is updated with a migration plan (in which chart version https://github.com/Kong/charts/blob/610f2b8c303e51c8af23d7a481d8d9d122fc3f59/charts/gateway-operator/values.yaml#L5-L16 setting are going to be removed) and a version expressing the deprecation (or straight out removal) is released.

The text was updated successfully, but these errors were encountered:

pmalek · 2024-12-05T11:21:24Z

The data at which gcr.io/kubebuilder/kube-rbac-proxy will become unavailable is slowly approaching.

Let's discuss this on the next sync meeting.

tao12345666333 · 2024-12-18T12:07:18Z

I want to pick up this one.

lahabana · 2024-12-20T14:38:58Z

pmalek added this to the KGO v1.5.x milestone Dec 5, 2024

lahabana added the release/required label Dec 10, 2024

tao12345666333 self-assigned this Dec 18, 2024

tao12345666333 linked a pull request Dec 25, 2024 that will close this issue

chore: remove kube-proxy-rbac #956

Draft

1 task

Provide feedback