Remove dependency on kube-rbac-proxy.

2026-06-06 22:39:22 +00:00 · 2025-12-17 23:06:21 +00:00
parent fee9f74aad
commit 794e2d487a
11 changed files with 130 additions and 79 deletions
@@ -1,5 +1,5 @@
-# This patch inject a sidecar container which is a HTTP proxy for the
-# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+# This patch configures the controller manager to expose metrics securely
+# using controller-runtime's built-in authentication and authorization.
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -25,31 +25,13 @@ spec:
                  values:
                    - linux
      containers:
-      - name: kube-rbac-proxy
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-              - "ALL"
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+      - name: manager
        args:
-        - "--secure-listen-address=0.0.0.0:8443"
-        - "--upstream=http://127.0.0.1:8080/"
-        - "--logtostderr=true"
-        - "--v=0"
+        - "--health-probe-bind-address=:8081"
+        - "--metrics-bind-address=:8443"
+        - "--metrics-secure"
+        - "--leader-elect"
        ports:
        - containerPort: 8443
          protocol: TCP
          name: https
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 5m
-            memory: 64Mi
-      - name: manager
-        args:
-        - "--health-probe-bind-address=:8081"
-        - "--metrics-bind-address=127.0.0.1:8080"
-        - "--leader-elect"