Remove kube-rbac-proxy and related configuration (#120)

* Remove kube-rbac-proxy configuration Removes configuration related to kube-rbac-proxy, which is deprecated. Related to PLA-318 * Remove existing metrics security settings and resources - Removes secureMetrics setting from main.go - Removes servicemonitor resource and related Helm settings These were incomplete and untested, and we'll eventually come back to this with a more modern and tested implementation.
PrefectHQ · Oct 24, 2024 · 40601b6 · 40601b6
1 parent d70245b
commit 40601b6
Show file tree

Hide file tree

Showing 7 changed files with 2 additions and 133 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -56,15 +56,12 @@ func main() {
 	var metricsAddr string
 	var enableLeaderElection bool
 	var probeAddr string
-	var secureMetrics bool
 	var enableHTTP2 bool
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
-	flag.BoolVar(&secureMetrics, "metrics-secure", false,
-		"If set the metrics endpoint is served securely")
 	flag.BoolVar(&enableHTTP2, "enable-http2", false,
 		"If set, HTTP/2 will be enabled for the metrics and webhook servers")
 	opts := zap.Options{
@@ -98,9 +95,8 @@ func main() {
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme: scheme,
 		Metrics: metricsserver.Options{
-			BindAddress:   metricsAddr,
-			SecureServing: secureMetrics,
-			TLSOpts:       tlsOpts,
+			BindAddress: metricsAddr,
+			TLSOpts:     tlsOpts,
 		},
 		WebhookServer:          webhookServer,
 		HealthProbeBindAddress: probeAddr,

diff --git a/deploy/charts/prefect-operator/README.md b/deploy/charts/prefect-operator/README.md
@@ -86,11 +86,6 @@ tbd
 | commonAnnotations | object | `{}` | annotations to add to all deployed objects |
 | commonLabels | object | `{"app.kubernetes.io/component":"operator"}` | labels to add to all deployed objects |
 | fullnameOverride | string | `"prefect-operator"` | fully override common.names.fullname |
-| kubeRbacProxy.create | bool | `false` | specifies whether the kube-rbac-proxy should be deployed to the cluster |
-| kubeRbacProxy.image | string | `"gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0"` | the image of the kube-rbac-proxy to use |
-| kubeRbacProxy.name | string | `"kube-rbac-proxy"` | the name of the kube-rbac-proxy to use |
-| metrics.enabled | bool | `false` | enable the export of Prometheus metrics |
-| metrics.serviceMonitor.enabled | bool | `false` | creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) |
 | nameOverride | string | `""` | partially overrides common.names.name |
 | namespaceOverride | string | `""` | fully override common.names.namespace |
 | operator.affinity | object | `{}` | affinity for operator pods assignment |

diff --git a/deploy/charts/prefect-operator/templates/deployment.yaml b/deploy/charts/prefect-operator/templates/deployment.yaml
@@ -55,10 +55,6 @@ spec:
           command:
             - /manager
           args:
-            {{- if .Values.kubeRbacProxy.create }}
-            - --health-probe-bind-address=:8081
-            - --metrics-bind-address=127.0.0.1:8080
-            {{- end }}
             - --leader-elect
           env:
             {{- if .Values.operator.extraEnvVars }}
@@ -86,29 +82,3 @@ spec:
               port: 8081
           {{- toYaml .Values.operator.readinessProbe.config | nindent 12 }}
           {{- end }}
-        {{- if .Values.kubeRbacProxy.create }}
-        - name: {{ .Values.kubeRbacProxy.name }}
-          image: {{ .Values.kubeRbacProxy.image }}
-          imagePullPolicy: IfNotPresent
-          args:
-            - "--secure-listen-address=0.0.0.0:8443"
-            - "--upstream=http://127.0.0.1:8080/"
-            - "--logtostderr=true"
-            - "--v=0"
-          ports:
-            - containerPort: 8443
-              name: https
-              protocol: TCP
-          resources:
-            requests:
-              cpu: 5m
-              memory: 64Mi
-            limits:
-              cpu: 500m
-              memory: 128Mi
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-        {{- end }}
diff --git a/deploy/charts/prefect-operator/templates/kube-rbac-proxy-rbac.yaml b/deploy/charts/prefect-operator/templates/kube-rbac-proxy-rbac.yaml
diff --git a/deploy/charts/prefect-operator/templates/kube-rbac-proxy-service.yaml b/deploy/charts/prefect-operator/templates/kube-rbac-proxy-service.yaml
diff --git a/deploy/charts/prefect-operator/templates/servicemonitor.yaml b/deploy/charts/prefect-operator/templates/servicemonitor.yaml
diff --git a/deploy/charts/prefect-operator/values.yaml b/deploy/charts/prefect-operator/values.yaml
@@ -165,27 +165,3 @@ serviceAccount:
   name: ""
   # -- additional service account annotations (evaluated as a template)
   annotations: {}
-
-
-## Kube RBAC Proxy Configuration
-## TODO add some more info here
-## The kube-rbac-proxy protects your /metrics endpoint.
-## ref: https://github.com/brancz/kube-rbac-proxy
-kubeRbacProxy:
-  # -- specifies whether the kube-rbac-proxy should be deployed to the cluster
-  create: false
-  # -- the name of the kube-rbac-proxy to use
-  name: kube-rbac-proxy
-  # -- the image of the kube-rbac-proxy to use
-  image: gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0
-
-
-## Prometheus Metrics Configuration
-## This needs to be tested
-metrics:
-  # -- enable the export of Prometheus metrics
-  enabled: false
-  ## Prometheus Operator ServiceMonitor configuration
-  serviceMonitor:
-    # -- creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
-    enabled: false